Gmail "access for less secure apps" setting

Question

Hello,

when I disable "Access for less secure apps" on this page: https://www.google.com/settings/u/1/security/lesssecureapps , then I can no longer use Mail.dll to connect to my Gmail account. An exception is thrown:

[ALERT] Please log in via your web browser: http://support.google.com/mail/accounts/bin/answer.py?answer=78754 (Failure)

When I enable that access, I can successfully log in to Gmail.

I use SSL: ImapConnection.ConnectSSL() and then ImapConnection.UseBestLogin()

I have no idea what exactly they mean by "less secure apps"

Answer 1

This setting affects IMAP access (even with SSL/TLS turned on). Using login methods, that require a knowledge about user's password (e.g. Login, UseBestLogin) fails, when this setting is off.

Mail.dll uses IMAP over SSL/TLS to access Gmail. This is secure and safe way of accessing an email server. It relies on .NET framework security model.
Workarounds:

• Use OAuth 2.0 (OAuth 2.0 for installed applications, OAuth 2.0 for web applications, OAuth 2.0 for service accounts) which works despite the disabled setting.

• Use application specific passwords:
  https://www.limilabs.com/blog/enable-imap-in-gmail

• [no longer valid] Simply turn 'less secure apps' on: https://www.google.com/settings/security/lesssecureapps
  (use incognito mode so you are sure you are logged in to correct account)

Google support page you pointed to doesn't make much sense. It doesn't say what do they mean by 'less secure' exactly? What makes Microsoft Outlook and Mozilla Thunderbird 'less secure'? Which versions? 'Less secure' than what?

It seems it is not an issue of whether or not client application is implementing the latest version of SSL/TLS etc., Google simply tries to limit places that store users' passwords.