Unable to Access Gmail Accounts

When connecting to a Gmail mail server, an error is returned which indicates the username or password is invalid. The account and password are valid, and mail can be sent and received using a different application or through the website. Applications previously created using SocketTools components were able to access the same Gmail account without any issues.

Google announced that after May 30, 2022 users would no longer be able to access Gmail using IMAP4, POP3 or SMTP using their password. Previously, users could enable a setting which allowed applications using these protocols to authenticate using their Google account password. That setting is no longer available, and attempts to authenticate using a password will always fail.

There are two possible solutions to resolving this issue. The first is to update your application use OAuth 2.0 for authorization instead of a password. The current version of SocketTools supports the use of OAuth 2.0 bearer tokens, and there is a detailed Frequently Asked Questions (FAQ) article which discusses how the protocol works and what needs to be done to use it with Google and Microsoft mail services. SocketTools 10 Build 1245 and later support OAuth 2.0, and developers using older versions of SocketTools will need to upgrade to the current version.

If upgrading the application to use OAuth 2.0 is not an option, the only other solution is to enable 2-Step Verification (also known as two-factor authentication or 2FA) for the account. This will require the account to be linked to a device such as a smartphone. Once the account has 2FA enabled, you will need to configure the account to allow a sign-in using an App Password. From that point forward, you will use the app password instead of the account password to access the Gmail account.

After enabling two-factor authentication, it is recommended you create recovery codes which can be used to recover access to the account if the device is lost or damaged. The app password is randomly generated, you cannot select a unique password yourself. It is only available for the service and type of device you select (e.g.: a Windows desktop mail application) when creating the password.

Enabling two-factor authentication for the account will not require authorizing access using the device every time your application checks or sends mail. The additional verification step is only required when accessing or changing the account settings.

See Also

OAuth 2.0 Frequently Asked Questions
Less Secure Apps and Your Google Account