Enabling access for "less secure apps" means that the client/app doesn't use OAuth 2.0. OAuth 2.0 is the industry-standard protocol for authorization. When you sign in with OAuth 2.0, you sign in to Google's system directly: you authenticate to Gmail with your credentials and authorize an app to do certain things. The third-party app only sees an authorization token provided by Google as proof that you authenticated correctly and agreed to authorize that app.
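As an added example (not part of the original page), the Python below contrasts what a mail client holds and sends in each case: a password-based client, modeled here with SASL PLAIN as an assumption, and an OAuth 2.0 client using Gmail's XOAUTH2 SASL mechanism. The account name, password and token are constructed sample values, and `classify` is a hypothetical helper name.

```python
import base64


def sasl_plain(user: str, password: str) -> str:
    """Initial response of a password-based client (SASL PLAIN, RFC 4616)."""
    raw = b"\x00" + user.encode() + b"\x00" + password.encode()
    return base64.b64encode(raw).decode()


def sasl_xoauth2(user: str, access_token: str) -> str:
    """Initial response of an OAuth 2.0 client (Gmail XOAUTH2 format)."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode()
    return base64.b64encode(raw).decode()


def classify(mechanism: str, initial_response: str) -> dict:
    """Decode a SASL initial response and report which secret the app held."""
    raw = base64.b64decode(initial_response, validate=True)
    mech = mechanism.upper()
    if mech == "PLAIN":
        # Layout: authzid NUL authcid NUL password
        parts = raw.split(b"\x00")
        if len(parts) != 3:
            raise ValueError("malformed PLAIN response")
        return {"user": parts[1].decode(), "secret": "password",
                "app_saw_password": True}
    if mech == "XOAUTH2":
        # Layout: key=value fields separated by 0x01, ending with two 0x01 bytes
        fields = dict(f.split(b"=", 1) for f in raw.split(b"\x01") if f)
        auth = fields.get(b"auth", b"")
        if b"user" not in fields or not auth.startswith(b"Bearer "):
            raise ValueError("malformed XOAUTH2 response")
        return {"user": fields[b"user"].decode(), "secret": "access_token",
                "app_saw_password": False}
    raise ValueError(f"unsupported mechanism: {mechanism}")


if __name__ == "__main__":
    user = "alice@example.com"  # constructed sample account
    legacy = sasl_plain(user, "constructed-password")
    modern = sasl_xoauth2(user, "constructed-access-token")
    print(classify("PLAIN", legacy))
    print(classify("XOAUTH2", modern))
```

In the PLAIN case the app must store and transmit the account password itself; in the XOAUTH2 case it only ever handles a token that Google issued for that app.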