"Less secure apps" being blocked by Google

Question

"Less secure apps" being blocked by Google

Opened this issue 2 years ago · 5 comments

As of now the mail and calendar apps, for being used with Google Accounts, need you to go to the settings of your account and to allow "Access to less secure apps", as cited below:

"What of this issue? I still cannot add a calendar as "less secure" sign-in strategies are blocked by Google.

Originally posted by @chances in #360 (comment)"

The issue is: this option is going to be eliminated by Google in a month, so we will be unable to use our accounts with Elementary OS apps if they keep using simple authentication and CalDAV. I received an email from Google (which is in Portuguese) saying "Login with Google" or "OAuth 2.0" should be used instead. It also links to this page from Google that explains:

"To help keep your account secure, starting May 30, 2022, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.

Please note this deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date.

For more information, please continue reading.

Special Note on Apple Device Sign-Ins. Users who have not recently signed into their Google Account using only username and password will be able to only make new sign in attempts using the Google account type starting from February 28, 2022. Existing users may continue to sign into their Google Account using their username and password until May 30, 2022.
If an app or site doesn’t meet our security standards, Google might block anyone who’s trying to sign in to your account from it. Less secure apps can make it easier for hackers to get in to your account, so blocking sign-ins from these apps helps keep your account safe."

Answer 1 · 2022-04-30T16:58:00.000Z

Hey thanks for your report. This is a really unfortunate move for Google as they also control who they approve for an oauth integration and have not approved our application.

In the meantime I recommend creating an app password: https://support.google.com/accounts/answer/185833?hl=en

Answer 2 · 2022-04-30T20:37:28.000Z

Thanks for your answer Danielle, I'll be doing that!

Answer 3 · 2022-05-01T15:26:44.000Z

@danrabbit Has there been any indication from Google why your OAuth application has stalled?

Answer 4 · 2022-05-09T04:59:24.000Z

Hey, I'm kinda having the same problem... using app passwords doesn't seem to work, it says "unauthorized" when I try to log in... I've got the two step verification option enabled... probably has to do with that... has anyone solved this issue? thanks

Answer 5 · 2022-05-09T22:14:27.000Z

@chances No, at this point we should probably reapply