How to keep IMAP access to gmail after May 30?

Question

Google has been kind enough to give lots of advance notice that it will stop providing "Less secure app access" to third party applications (image of email below). I use Outlook 2013 and 2019 (desktop app, not Office 365) to access gmail via IMAP. The email also advised that I need to upgrade to Outlook 2019.

I just did a test by turning off "Less secure app access". Neither Outlook 2013 nor 2019 is able to access Gmail's IMAP servers. I have been unable to find the details of what specific things make access "less secure" so that I can try to redress the problem.

What do I have to do to make Outlook 2019 work without "Less secure app access"? Do I have to choose a different encryption? This question applies to Outlook 2019 on my home laptop.

Even if you don't want to share details about how you did it, it would be useful to know whether anyone has made this work (for Outlook 2019 desktop app, not as part of Office 365).

Even if you had to move to a paid Gmail account to get this to work, thanks if you can share this fact, and (only if you like), the details behind the procedure.

Can I do the same with Outlook 2013? If not, this presents a problem. It is on a work laptop, and I don't believe that I am free to install my own commercial software on it. Normally, work laptops connect to Exchange servers behind a firewall. This particular laptop is meant to be used outside of the firewall, so it uses IMAP to connect to gmail.

For the work laptop, even if I could upgrade to Outlook 2019, there is the additional problem that Outlook 2019 seems to work much, much more slowly and less reliably than 2013. At least that's been my experience - though it could be due to the lesser horse power on my home laptop.

Things tried #1

I first disallowed less secure apps.

As per one a comment in one of the answers, I followed page "Set up Gmail with a third-party email client". The relevant section seemed to be:

Set up Gmail with Microsoft Outlook
- Set up Gmail with Outlook on a PC

Therein, I followed a link to "Add a Gmail account to Outlook for Windows". As shown there, I chose File -> Add Account. Thereafter, I tried the non-manual (automatic) setup:

It failed:

Things tried #2

I then tried the manual setup without Secure Password Authentication (SPA):

It's obvious now that the reason for the failure of the automatic setup is that "automatic" means O365 speifically. After entering the fields for IMAP as shown, I clicked on "More settings":

The above settings are consistent with the page Check Gmail through other email platforms, section "Step 2: Change SMTP & other settings in your email client".

However, the connection to IMAP and SMPT servers for incoming and outgoing email still failed:

So my attempts to set up Oauth2 using "manual" setup of the Outlook client also failed.

Things tried #3

I thought I could try the non-manual setup again, but first enabling Oauth2 on the server side. I then followed Recommendations for setting up IMAP. However, the procedure requires login at admin.google.com, which "is used for Google Workspace[/Cloud] accounts only" (formerly called G Suite). This is explained a bit here and slightly better here.

This is a personal email account, so I don't have Google Workspace. I looked to see if it can be gotten free, but while one might be able to get a similar effect with a free account, I doubt that you will actually get a Google Workspace account.

Things tried #4

Following suggestions, I tried manual setup with Secure Password Authentication (SPA). Less secure apps was enabled for all these tests.

For "Internet Email Settings" (i.e., "More settings"), I tried 3 configuration:

SMTP settings mirror IMAP settings
Custom SMTP settings, but with same User Name, Password, and SPA settings as IMAP
Custom SMTP settings, but with SPA disabled

In all cases, connection to SMTP failed because the encryption isn't supported. No details about what exactly isn't supported or what is supported.

Things tried #5

In response to another comment, I specified an SMTP port of 465 for SSL/TLS. Here are the settings:

With “Less secure apps” access allowed, the settings as shown above work for Outlook 2019.
Additionally, in the “POP and IMAP account settings panel, requiring SPA worked
Additionally, in the “Internet Email Settings” panel, in the “Outgoing Server” tab, requiring SPA worked
With “Less secure apps” access disabled, however, the server rejected the logon, and said I should verify my user name and password
This didn’t matter whether SPA was required in both of the above checkboxes, either one of them, or neither of them
On Outlook 2016, the encryption options were a bit different. There is no combined "SSL/TLS"; they are separate options. Port 465 required that SSL be chosen, and it didn't work if TLS is chosen. Since TLS is an improvement on TLS, I wanted to use that, and I had to specify port 587 for it to work. Of course, it only works when "Less secure apps" access is enabled, in which case it didn't matter which of the SPA checkboxes were checked.

Things tried #6

After re-reading the posted answer about modifying the registry to enable Oauth2, I tried the following for Outlook 2019. I used regedit to navigate to HKCU:\Software\Microsoft\Office\16.0\Common\Identity. Note that in Outlook 2019, I had 16.0, not 15.0. I created a DWORD EnableADAL and set it to 1. I started Outlook and tried to set the encryption. I did not have Oauth2 in the pulldown list, or anything like it. What I saw that was new was an Auto encryption.

According to this page, Auto tries the other encryption options, from most to least secure. Unfortunately, Oauth2 isn't among the "other" options. Even if it was, however, Auto is a dangerous setting because it creates the possibility of connecting with no encryption, as described in the aforementioned link.

This was tried on Outlook 2019. I find it very odd that Oauth2 is unavailable because the Google message about dropping less secure apps access after May 30 (above) explicitly suggests Outlook 2019 as a solution.

Conclusion

I could be wrong, as I'm not an IT person, but if the problem lies in Things tried #3, then it looks as if, come May 30, the need for Oauth2 will leave the free account users behind. Unless one is only going to access mail via a browser, one will need to move to a business account. :(

score 4 · Answer 1 · edited Nov 12 '24 at 09:35

By "less secure", Google means that OAuth 2 is not now enabled in Outlook on your PC. Since Outlook 2016, OAuth 2 has been built in, but it is not automatically enabled. For Outlook 2013, it is also available, but requires a Registry hack.

To enable OAuth 2 in Outlook 2013:

Press Windows, type rege, and select Regedit.
In the Location bar at top, go to HKCU:\Software\Microsoft\Office\15.0\Common\Identity (you can paste that into the bar).
In Identity, right-click and create a new DWORD value named EnableADAL.
Double-click that value and set it to 1.

Then, in either version, open Outlook account settings, and try to change authentication to OAuth 2, as in GMail instructions.

user2153235 · Answer 2 · 2022-04-28T15:41:43.683

I haven't found a way to keep IMAP between Outlook and Gmail, but if I fall back to webmail access to Gmail, I can save any calendar invites as an *.ics file on the local computer, then open it with Outlook to add it to my local calendar.

Similarly, instead of forwarding Outlook calendar events from my local computer by having Outlook connect to Gmail, I save an existing event as an *.ics file, then use webmail to access Gmail and send it to recipients.

Same deal with creating new calendar events on the local Outlook calendar. Save as *.ics, then use webmail to access Gmail and send it to recipients.

Afternote 2022-04-28: Google's setup page says that on Outlook, you should be able to use File -> Add Account to get a popup window for Google Sign In. I found that not to be the case. I just get the traditional Outlook popup window for account, setup, which has nothing to do with Google Sign In:

Stancho · Answer 3 · 2022-05-05T13:39:23.990

0

I just managed to connect an Outlook 2016 to a @gmail.com account via IMAP by

enabling 2FA and then
using an app password generated from my Google account.

Enabling 2FA automatically disables "Less secure apps" meaning that it should remain working after May 30.

Working with app passwords is explained here: https://support.google.com/accounts/answer/185833

edited May 05 '22 at 13:39

answered May 05 '22 at 12:38

Stancho

1

score 0 · Answer 4 · answered May 19 '22 at 16:25

0

I've just tested and found it even works with Outlook 2010.

There are really good step by step directions at:

https://www.laptopmag.com/articles/set-up-gmail-2-factor-for-outlook

answered May 19 '22 at 16:25

Mike C

11

score 0 · Answer 5 · edited Jun 07 '22 at 20:37

Following this Youtube video https://www.youtube.com/watch?v=h_NP3pcvkAg (describing the same approach as MikeC and Stancho wrote about on the top).

The basic steps for me (Outlook 2013 and IMAP) was the ones below. I did not have to use the registry hack described here to enable OAuth2 to read and send my mails via the Gmail account to/rom Outlook2013).

go into the Account/Security settings Follow the "Turn on "2 Factor Authentication (2FA)" (Yes - now you have to provide a phone number)
Now, App Passwords below 2FA becomes visible
Add a new password
Copy the generated password
Open(Change) your Gmail account settings in Outlook
Replace the password with the one copied from above
Finish

Now things worked for me. Hope it works for you too.

How to keep IMAP access to gmail after May 30?

5 Answers5