Fix Gmail SMTP: The ‘Less Secure App’ Replacement

Gmail’s ‘Less Secure App’ is Gone, Right Way to Set Up Gmail SMTP

Is your connection to the Gmail SMTP server suddenly broken? Are you frantically searching your Google Account settings for the “Less Secure App” toggle, only to find… it’s gone?

You’re not crazy.

We’ve all been there. For years, “Less Secure App” was the quick-and-dirty switch we all flipped to connect websites, scanners, or third-party email clients to our Gmail accounts. As of May 30, 2022, Google officially and permanently removed this feature.

Don’t panic. There is a new, more secure, and Google-approved method. It’s called an App Password, and it’s surprisingly easy to set up.

This guide will walk you through the correct way to set up Gmail SMTP without the “Less Secure App” option.

Why Did Google Kill ‘Less Secure Apps’?

Simply put: security.

The LSA setting was a master key. It allowed any application that had your main Google password to access everything—your email, calendar, contacts, everything. If your WordPress site got hacked, the hacker got your entire Google account.

The new “App Password” method is much safer. You generate a unique, 16-character password that works only for that one specific application (e.g., “My Website’s SMTP Plugin”). If that password ever leaks, you can just delete it without compromising your main account.

The 2-Step Solution: How to Create a Gmail App Password

Before you can create an App Password, you must enable 2-Step Verification (2SV). This is no longer optional for this process.

Step 1: Enable 2-Step Verification (If You Haven’t Already)

1. Go to your main Google Account page: myaccount.google.com
2. On the left, click Security.
3. Under “How you sign in to Google,” click 2-Step Verification.
4. Click Get Started and follow the on-screen prompts. You’ll need to link your phone number to receive a verification code.

Once 2SV is active, you can move on.

Step 2: Generate Your App Password

This is the magic part. You are about to create the new “password” your application will use.

1. Go back to the Security page in your Google Account.
2. Under “How you sign in to Google,” you will now see an App Passwords option. Click it. (If you don’t see it, it’s because you just enabled 2SV. Sign out and sign back in).
3. You may be asked to re-enter your main Google password.
4. On the App Passwords screen, you’ll see two dropdown menus.
   • Select app: Click this and choose “Mail”.
   • Select device: Click this and choose “Other (Custom name)…”
5. A box will appear. Give it a descriptive name you’ll recognize, like “WordPress Website” or “My Canon Scanner.”
6. Click Generate.

Google will now display a 16-character password in a yellow box.

Important: This is your new SMTP password. Treat it like a password. Copy it immediately and paste it somewhere safe (like your application’s password field), because once you click “Done,” Google will never show you this exact password again.

The Final Step: Your New Gmail SMTP Settings

Now, go to your website plugin (like WP Mail SMTP), email client (like Outlook or Thunderbird), or device settings. Where it asks for your SMTP credentials, use these exact settings.

• SMTP Server: smtp.gmail.com
• Username: Your full Gmail address (e.g., you@gmail.com)
• Password: The 16-character App Password you just generated (NOT your regular Gmail password).
• Port (TLS): 587
• Port (SSL): 465
• Encryption: TLS or STARTTLS (Use SSL if TLS doesn’t work)

That’s it! Your application will now securely connect to Gmail’s server using this new, more secure method

Troubleshooting & FAQs

• “I don’t see the ‘App Passwords’ option!” You must enable 2-Step Verification first. Go back to Step 1. If you just turned it on, try logging out and back into your Google Account.
• “I have a Google Workspace (G Suite) account and I still don’t see it.” Your Workspace administrator may have disabled this feature. You will need to contact your admin and ask them to “Allow users to manage their access to less secure apps” (even though the name is misleading, this setting often controls App Password access as well).
• “It’s still not working!” Double-check for typos. The most common mistake is pasting the 16-character password with an extra space. Also, ensure IMAP is enabled in your Gmail settings (Settings > See all settings > Forwarding and POP/IMAP > Enable IMAP).

You’re All Set: Secure, Modern Email Sending

It can be frustrating when Google changes things, but this move away from “Less Secure Apps” is a major win for account security.

By using an App Password, you’ve not only fixed your email connection but also protected your main account. You can now send emails from your website or app with peace of mind, knowing you’re using Google’s modern, approved, and secure standard.