[Imap-protocol] Seeking clarity on Gmail "Access for less secure apps" setting for non XOAuth2 access

Brandon Long blong at google.com
Tue Sep 2 14:21:32 PDT 2014

On Fri, Aug 29, 2014 at 8:50 AM, Andrew Sutherland <asuth at mozilla.com>


> I applaud both the effort to protect users and the use of whatever

> heuristics these are to avoid needlessly inflicting pain on users. However,

> it does leave me confused what users will be impacted. Is it just GMail

> users over a certain account age who haven't leveraged PLAIN logins in some

> number of months? Is it dependent on the suspicious login heuristics? I

> do know that some testers have run into this problem recently, so it's not

> imagined.


So, you have figured it out. The state is actually tri-state, 'default',
'enabled', 'blocked'. Any account which had used PLAIN logins in the last
N days prior to the launch was set to 'enabled'. Any new account starts in
'default', which will moved to 'enabled' if a successful login occurs in
the first month of the account. All other accounts were set to disabled.

We may also automatically disable it for any account which stops using
PLAIN logins for several months.

We didn't add a new error message since we just send the user to the
support page which now includes the "allow less secure apps" information.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman13.u.washington.edu/pipermail/imap-protocol/attachments/20140902/11347175/attachment.html>

More information about the Imap-protocol mailing list