Honestly, if you woke up one morning and your scanner, old Outlook, or that custom Python script suddenly stopped sending emails, you aren't alone. You probably saw a cryptic "Authentication Failed" error even though you knew—for a fact—your password was correct. For years, the google less secure app setting was the "open sesame" of the internet. It allowed third-party tools to access your Gmail using nothing but a simple username and password.
But that era is over. It's dead.
Google didn't just hide the setting; they ripped it out by the roots. As of late 2024 and heading into 2025, the toggle switch for "Less Secure App access" has vanished from the Google Account security dashboard. If you're looking for it now in 2026, you're chasing a ghost.
The Day the Password Died
Why would Google do this? It sounds like a massive headache for users, and it was. But from a security standpoint, "basic authentication" (just a username and password) is basically like leaving your house key under the mat and telling the whole neighborhood where it is. If a hacker got your password once, they had the keys to your entire digital kingdom.
They replaced this with OAuth 2.0. You've seen this before—it’s that little popup that says "Sign in with Google." Instead of giving an app your actual password, you give it a "token." This token is like a VIP pass that only works for that specific app. If the app gets hacked, your main Google password stays safe.
Most people didn't notice the change because modern apps like the Gmail app on iPhone or the latest Outlook already use OAuth. But if you were clinging to Outlook 2016, an old version of Thunderbird, or a dusty office printer that "scans to email," you hit a brick wall.
What Actually Counts as a "Less Secure App"?
It’s a bit of a vague term, right? Basically, it’s any app that asks for your Google password directly in its own interface.
- Older Mail Clients: We’re talking Microsoft Outlook 2016 or earlier.
- Legacy Mobile Apps: Old versions of the "Mail" app on iOS (before iOS 11) or older Android mail clients.
- The Hardware Crowd: Printers, scanners, and smart home hubs that need to send SMTP notifications.
- Custom Code: Scripts written in PHP, Python, or Node.js that use a simple SMTP library.
The Workaround Nobody Tells You About: App Passwords
So, your app doesn't support OAuth. You can't "Sign in with Google." Does that mean your $2,000 office scanner is now a paperweight? Not quite.
There is a "back door" called App Passwords. It's a 16-digit code that Google generates for you. You use this instead of your real password. It’s still technically a password, but it’s restricted and much harder to exploit.
Here is the catch: You must have 2-Step Verification (2FA) turned on. If you don't have 2FA enabled, the App Password option won't even show up in your settings. It’s Google’s way of forcing you to be safe. Once 2FA is on, you go to your Google Account security settings, search for "App Passwords," and generate one for "Mail" or "Other."
It’s a 16-character string. No spaces. You paste that into your app’s password field, and suddenly, like magic, the connection works again.
Why You Can't Find the "Less Secure App" Toggle
If you're digging through your settings and searching for the phrase "google less secure app," you'll find plenty of old YouTube tutorials telling you to "just turn the switch to ON."
Stop looking.
📖 Related: Starbase: What Most People Get Wrong About the SpaceX City in Texas
Google officially completed the shutdown for all Workspace and personal accounts by the end of 2024. For a while, they had a "grace period" for people who already had it turned on. But now? The setting is gone. If you never turned it on before, you can't turn it on now. If you had it on, they turned it off for you.
Real-World Fixes for 2026
If you're stuck, here is the path forward. No fluff.
- Check for an Update: If you're using Thunderbird or Apple Mail, simply deleting the account and re-adding it often fixes everything. When you re-add it, the app will likely prompt the "Sign in with Google" screen. That's OAuth in action. Use it.
- The Printer Problem: If your printer doesn't support OAuth (most don't), use the App Password method mentioned above. Most Xerox, Brother, and HP machines have a web interface where you can swap the password.
- For Developers: If you're still using
smtplibin Python or similar libraries, you've got to stop using your main password. Use an App Password. Or, better yet, use the Gmail API. It's more work to set up, but it won't break every time Google changes a security policy.
The Verdict on Security
Is this annoying? Yes. Is it better for you? Also yes.
The google less secure app era was a goldmine for credential stuffing attacks. Hackers would take a password leaked from a random fitness app and try it on Google's SMTP servers. Because there was no 2FA on those basic connections, they'd get in. By killing this feature, Google essentially locked the windows while leaving the front door (OAuth) open for legitimate guests.
If you are still getting "Incorrect Password" errors, don't change your password. You're just wasting time. Your password is fine. It’s the method of logging in that Google hates.
Next Steps to Secure Your Access:
- Audit your connected apps: Go to your Google Account and check "Data & Privacy" -> "Apps with access to your account." Delete anything you don't recognize.
- Enable 2-Step Verification immediately: You can't use App Passwords without it, and honestly, you shouldn't be online without it in 2026.
- Generate an App Password: For that one legacy device that refuses to die, create a specific code and label it "Office Printer" so you can revoke it later if you need to.