This past week, Google announced their annual Security Checkup. The offer boasted an extra 2GB of free Google Drive storage for completing a yearly security checkup. All that was required was for you to sign into your Google account and review your security settings. Sounds simple, right?
While the process may have been painless, modifying your security settings could leave you unable to log in to your Gmail from a number of desktop, tablet, or mobile devices. Examples of some commonly affected devices include:
- Email app on iPhone or iPad with iOS 6 or below
- Email app on Windows Phone versions prior to 8.1
- Third-party email apps on Android devices
- Microsoft Outlook
- Mozilla Thunderbird
So What Broke?
Well, there’s a settings page called Allow less secure apps that was part of your yearly checkup. You may have accidentally clicked on the option to “Turn off” access for less secure apps without knowing its implications. After all, who doesn’t want to increase their security?
By turning off this setting, you increased the security level of your account. That’s great!
What’s not so great is if you actually had applications using less secure methods of login authentication with Google. If you did, you likely started receiving a “Password Incorrect” error message or similar from your mail client. You may have also received an email from Google with a subject line of “Sign-in attempt prevented”.
The root cause of this error is that the mail application(s) you are using are likely still authenticating with Google via Basic Authentication.
Basic Authentication is a rudimentary form of login authentication which does not securely encrypt your username and password when you log in to your mail client. This is very bad. If you connect to a public network or Wi-Fi, somebody with a few basic networking tools can packet sniff your wireless communications and steal your login information in plaintext! It’s the same type of error you may receive when you
What’s the Fix?
The recommended fix is to adjust the mail settings in each offending mail client so that it authenticates with Google over SSL and/or TLS. The settings to verify and adjust are as follows:
|Gmail Setting|Correct Value|
|---|---|
|SMTP server address|smtp.gmail.com|
|SMTP username|Your full email address (e.g. firstname.lastname@example.org)|
|SMTP password|Your Gmail password|
|SMTP port (SSL)|465|
|SMTP TLS/SSL required|yes|
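One way to check a mail client's settings against the table above and confirm that the server connection is encrypted and certificate-verified before any password is entered. This is an added example, not part of the original article; the dictionary keys and function names are assumptions chosen for illustration.

```python
import smtplib
import ssl

# Values from the settings table above.
GMAIL_SMTP_HOST = "smtp.gmail.com"
GMAIL_SMTP_SSL_PORT = 465

# Constructed sample: a client still configured without SSL.
# The dict keys are names chosen for this example, not a real client's format.
SAMPLE_OLD_CLIENT = {"host": "smtp.gmail.com", "port": 25,
                     "use_ssl": False, "username": "firstname"}


def audit_smtp_settings(settings):
    """Return the names of the settings that differ from the table."""
    problems = []
    if str(settings.get("host", "")).strip().lower() != GMAIL_SMTP_HOST:
        problems.append("host")
    if settings.get("port") != GMAIL_SMTP_SSL_PORT:
        problems.append("port")
    if settings.get("use_ssl") is not True:
        problems.append("use_ssl")
    # The username must be the full address, not just the part before "@".
    local, at, domain = str(settings.get("username", "")).partition("@")
    if not (local and at and "." in domain):
        problems.append("username")
    return problems


def strict_tls_context():
    """TLS context that verifies the certificate chain and the hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def negotiated_tls_version(settings, timeout=10):
    """Connect with implicit TLS and return the protocol version in use.

    No username or password is sent; settings that fail the audit are
    rejected before any network connection is made.
    """
    problems = audit_smtp_settings(settings)
    if problems:
        raise ValueError("fix these settings first: " + ", ".join(problems))
    with smtplib.SMTP_SSL(GMAIL_SMTP_HOST, GMAIL_SMTP_SSL_PORT,
                          context=strict_tls_context(), timeout=timeout) as smtp:
        return smtp.sock.version()  # protocol string reported by the TLS socket
```

Calling `negotiated_tls_version` needs network access; `audit_smtp_settings` runs offline and can be pointed at settings copied out of any client.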
If you really need your email fast, the quick fix is to log in to your Google Apps account, navigate to Allow less secure apps, and turn on access for less secure apps. Unfortunately, this is not a safe option and we do not recommend it.
Thank you Google
Google deserves a huge thank you for their yearly security checkup. They’re doing the general public a huge favor by offering security features which keep your accounts and passwords safe. If you get a chance, please log in to your account and verify that you have turned off allowing less secure apps. It’s well worth your time to fix your mail clients to keep your passwords and email secure.