Unable to find Less Secure Apps setting

Question

We used our Gmail credentials in Nodemailer to send test emails in development. We tried sending one today with the same configuration as yesterday and received the following error:

2020-05-04T10:17:35.547Z Error: Invalid login: 535-5.7.8 Username and Password not accepted. Learn more at
04/05/2020 12:17:35 535 5.7.8 https://support.google.com/mail/?p=BadCredentials s18sm19281474wra.94 - gsmtp
04/05/2020 12:17:35 at SMTPConnection._formatError (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:784:19)
04/05/2020 12:17:35 at SMTPConnection._actionAUTHComplete (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:1523:34)
04/05/2020 12:17:35 at SMTPConnection.<anonymous> (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:550:26)
04/05/2020 12:17:35 at SMTPConnection._processResponse (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:942:20)
04/05/2020 12:17:35 at SMTPConnection._onData (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:749:14)
04/05/2020 12:17:35 at TLSSocket.SMTPConnection._onSocketData (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:195:44)
04/05/2020 12:17:35 at TLSSocket.emit (events.js:310:20)
04/05/2020 12:17:35 at addChunk (_stream_readable.js:286:12)
04/05/2020 12:17:35 at readableAddChunk (_stream_readable.js:268:9)
04/05/2020 12:17:35 at TLSSocket.Readable.push (_stream_readable.js:209:10)
04/05/2020 12:17:35 2020-05-04T10:17:34.439Z RES e77bea28-7092-4ec5-81b7-8230bd068e5a POST /projects/111/items 201 1117
04/05/2020 12:17:35 2020-05-04T10:17:35.588Z Error: Invalid login: 535-5.7.8 Username and Password not accepted. Learn more at
04/05/2020 12:17:35 535 5.7.8 https://support.google.com/mail/?p=BadCredentials p7sm18057972wrf.31 - gsmtp
04/05/2020 12:17:35 at SMTPConnection._formatError (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:784:19)
04/05/2020 12:17:35 at SMTPConnection._actionAUTHComplete (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:1523:34)
04/05/2020 12:17:35 at SMTPConnection.<anonymous> (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:550:26)
04/05/2020 12:17:35 at SMTPConnection._processResponse (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:942:20)
04/05/2020 12:17:35 at SMTPConnection._onData (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:749:14)
04/05/2020 12:17:35 at TLSSocket.SMTPConnection._onSocketData (/home/node/backend/node_modules/nodemailer/lib/smtp-connection/index.js:195:44)
04/05/2020 12:17:35 at TLSSocket.emit (events.js:310:20)
04/05/2020 12:17:35 at addChunk (_stream_readable.js:286:12)

I did some research and discovered that I was supposed to turn on "Less secure apps" but I can't find the settings.

When I visit https://myaccount.google.com/lesssecureapps, I get "Settings could not be read"

Answer 1

It was a temporary problem on Google's side. By 11:44 UTC it was back for us. https://twitter.com/gsuite/status/1257266044957319169?s=20

Answer 2

We managed to fix it quickly using App Passwords. For anyone using Less Secure Apps login, this is a trivial fix. You just need to set up 2FA (if you don't have it already) and use the generated App Password for logging in from your app, instead of the standard password.

https://support.google.com/accounts/answer/185833

This is easier than migrating to OAuth, often the only option, for anyone in a rush to fix this in production.

Answer 3

If you are a Gsuite admin, you need to migrate it to oAuth. I don't know if google has disabled LSA for temporary period or permanent.

https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html

LSA is back in security settings, guess it was down for sometime.