2

It is required to turn on the "allow less secure apps" setting in order to be able to use a Gmail account with Outlook 2013, despite it using the IMAP and SMTP services with the SSL protocol enabled.

Why doesn't Outlook 2013 meet modern security standards?

ncomputers

1 Answer

5

That specific Gmail account flag simply allows systems that use standard SMTP to connect without using OAUTH2.

The only secure password authentication method Gmail allows SMTP clients to use is a (non-standard) XOAUTH2 SASL mechanism (the correct tag is actually OAUTHBEARER).

Gmail has decided to refuse all other secure login mechanisms: you're either using their own flavor of OAUTH2 SASL or you need to enable that flag and use the LOGIN (i.e. cleartext) password. Security-wise, your password is still protected by the TLS encryption. What changes is that the client application needs to keep your password in an encrypted format while, with OAuth, it keeps an access token (a per-application password, if you want).

In other words: it's not that Outlook does not "meet modern security standards", it's that Google has a very peculiar view of what these standards are.

Stephane
  • 1
    @ncomputers.org you may wish to generate an app-specific password to ensure you don't need to use your primary Google password [Google Support Page](https://support.google.com/accounts/answer/185833?hl=en) – Alex KeySmith Jan 26 '16 at 09:03
  • 1
    @AlexKeySmith It's a good choice. We'll recommend it :D Thank you very much! – ncomputers Jan 26 '16 at 09:14
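
The difference the answer draws between LOGIN and the OAuth SASL mechanisms, as an added example that is not part of the original thread: it builds the client responses for SMTP `AUTH LOGIN`, Gmail's `XOAUTH2` and RFC 7628 `OAUTHBEARER`, then decodes them to show which secret each one carries inside the TLS session. The account name, password, token, host and port are constructed sample values.

```python
import base64

def b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()

def login_responses(user: str, password: str) -> list:
    """AUTH LOGIN: two client lines, each the plain base64 of a credential."""
    return [b64(user), b64(password)]

def xoauth2_response(user: str, token: str) -> str:
    """Gmail XOAUTH2: user=<user>^Aauth=Bearer <token>^A^A, base64 encoded."""
    return b64(f"user={user}\x01auth=Bearer {token}\x01\x01")

def oauthbearer_response(user: str, host: str, port: int, token: str) -> str:
    """RFC 7628 OAUTHBEARER: GS2 header, then ^A-separated key=value pairs."""
    return b64(f"n,a={user},\x01host={host}\x01port={port}"
               f"\x01auth=Bearer {token}\x01\x01")

def secret_in(mechanism: str, client_lines: list) -> dict:
    """Decode the client's lines and report which kind of secret they hold."""
    decoded = [base64.b64decode(line).decode() for line in client_lines]
    if mechanism == "LOGIN":
        # base64 is an encoding, not encryption: the reusable account
        # password is recoverable by whoever terminates the TLS session.
        return {"kind": "account password", "value": decoded[1]}
    fields = dict(f.split("=", 1) for f in decoded[0].split("\x01") if "=" in f)
    # The OAuth mechanisms carry a per-application access token instead.
    return {"kind": "bearer token", "value": fields["auth"].split(" ", 1)[1]}

if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    user, pw, tok = "user@example.com", "correct-horse", "ya29.sample-token"
    for mech, lines in [
        ("LOGIN", login_responses(user, pw)),
        ("XOAUTH2", [xoauth2_response(user, tok)]),
        ("OAUTHBEARER", [oauthbearer_response(user, "smtp.example.com", 587, tok)]),
    ]:
        print(mech, lines, secret_in(mech, lines))
```
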