moderated Gmail and Outlook: Recent Security Conundrums


Curtis Chong
 

Greetings everyone:

 

Some of you who use Outlook to read and write Gmail messages may have noticed that there is a problem where you are being asked to enter your Gmail password and that password is not being recognized. This is not a problem with either accessibility or your screen reader. Rather, this is a long-planned change that Google has implemented about which many Gmail users were notified in advance.

 

While we can quibble about the effective of the communication from Google and the complexity of the ultimate solution (yes, there is a solution to this problem), please understand that nonvisual access in particular and accessibility in general are not the issues here.

 

If your email software is, as they say, not modern, the only way around this problem is to activate two-factor authentication for your Google account, create what Google calls an app-specific password, and then use that password in your email client.

 

Those of us who are using the latest versions of Microsoft 365 have had to remove the Gmail account from Outlook and then add it back again.

 

I hope this helps to provide some clarification about an issue which, to be candid, is hitting lots and lots of people.

 

Cordially,

 

Curtis Chong

 


 

I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


aaron lane
 

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.


Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:
I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


 

On Fri, Jun 10, 2022 at 12:08 PM, aaron lane wrote:
I've not had any issues yet with Thunderbird or my IPhone.
-
And you won't unless you used the "less secure apps" connection option, which you most likely didn't.  Thunderbird has been able to configure with OAUTH for Gmail for quite a while now and I suspect Apple's email client has, too, but I cannot swear to that.

The only people who will encounter issues are those who set up their accounts using the "less secure apps" option which is being eliminated.  They will have to turn on two factor authentication (if it's not already on - I think Google may have automatically set this but it's worth checking) and then generate an app specific password if they are using an email client that does not support OAUTH.  If they're using a client that does (Outlook 2016 and later, as well as 2013 if the registry tweak is done, Thunderbird, and many others) and have been using IMAP access, the best thing to do would be to nuke the account and re-create it.  There's nothing lost when you use IMAP access, which is one of the beauties of IMAP access.  Most email clients have been automatically selecting IMAP access protocol where it's available for some years now, and Gmail has had it available by default for many years now.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


aaron lane
 

Great. Thanks for the info.

On 6/10/2022 11:21 AM, Brian Vogel wrote:
On Fri, Jun 10, 2022 at 12:08 PM, aaron lane wrote:
I've not had any issues yet with Thunderbird or my IPhone.
-
And you won't unless you used the "less secure apps" connection option, which you most likely didn't.  Thunderbird has been able to configure with OAUTH for Gmail for quite a while now and I suspect Apple's email client has, too, but I cannot swear to that.

The only people who will encounter issues are those who set up their accounts using the "less secure apps" option which is being eliminated.  They will have to turn on two factor authentication (if it's not already on - I think Google may have automatically set this but it's worth checking) and then generate an app specific password if they are using an email client that does not support OAUTH.  If they're using a client that does (Outlook 2016 and later, as well as 2013 if the registry tweak is done, Thunderbird, and many others) and have been using IMAP access, the best thing to do would be to nuke the account and re-create it.  There's nothing lost when you use IMAP access, which is one of the beauties of IMAP access.  Most email clients have been automatically selecting IMAP access protocol where it's available for some years now, and Gmail has had it available by default for many years now.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Andy
 


I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.
 
Andy
 

----- Original Message -----
From: aaron lane
Sent: Friday, June 10, 2022 9:08 AM
Subject: Re: Gmail and Outlook: Recent Security Conundrums

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.


Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:
I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Sandra Streeter
 

How do you check whether you have “less secure apps” in operation?

 

 

Sandra

 

Justice without force is powerless; force without justice is tyrannical.

(Blaise Pascal)

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Andy
Sent: Friday, June 10, 2022 1:26 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.

 

Andy

 

----- Original Message -----

From: aaron lane

Sent: Friday, June 10, 2022 9:08 AM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.

 

Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:

I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Curtis Chong
 

You can’t anymore. Allow Less Secure Apps is no longer an available setting.


On Jun 10, 2022, at 11:44 AM, Sandra Streeter <sandrastreeter381@...> wrote:



How do you check whether you have “less secure apps” in operation?

 

 

Sandra

 

Justice without force is powerless; force without justice is tyrannical.

(Blaise Pascal)

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Andy
Sent: Friday, June 10, 2022 1:26 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.

 

Andy

 

----- Original Message -----

From: aaron lane

Sent: Friday, June 10, 2022 9:08 AM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.

 

Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:

I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


kevin meyers <kman2020@...>
 

Brian, When you say nuke the account, do you mean just in Outlook or on Google as well?

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Brian Vogel
Sent: Friday, June 10, 2022 11:21 AM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

On Fri, Jun 10, 2022 at 12:08 PM, aaron lane wrote:

I've not had any issues yet with Thunderbird or my IPhone.

-
And you won't unless you used the "less secure apps" connection option, which you most likely didn't.  Thunderbird has been able to configure with OAUTH for Gmail for quite a while now and I suspect Apple's email client has, too, but I cannot swear to that.

The only people who will encounter issues are those who set up their accounts using the "less secure apps" option which is being eliminated.  They will have to turn on two factor authentication (if it's not already on - I think Google may have automatically set this but it's worth checking) and then generate an app specific password if they are using an email client that does not support OAUTH.  If they're using a client that does (Outlook 2016 and later, as well as 2013 if the registry tweak is done, Thunderbird, and many others) and have been using IMAP access, the best thing to do would be to nuke the account and re-create it.  There's nothing lost when you use IMAP access, which is one of the beauties of IMAP access.  Most email clients have been automatically selecting IMAP access protocol where it's available for some years now, and Gmail has had it available by default for many years now.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


 

On Fri, Jun 10, 2022 at 01:48 PM, kevin meyers wrote:
When you say nuke the account, do you mean just in Outlook
-
Just this.  
 
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Tom Behler
 

Interestingly, I haven’t needed to make any changes here with Outlook and my g-mail account.

 

I don’t remember being asked for two-factor authentication, so hopefully, I’ll be prompted for that when the time comes.

 

Is there something I should be doing now?  I’m operating on the basis of the idea that “if it isn’t broken, don’t fix it!”.

 

Am using Microsoft 365 here on a Windows 10 PC.

 

Dr.  Tom Behler

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Curtis Chong
Sent: Friday, June 10, 2022 1:47 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

You can’t anymore. Allow Less Secure Apps is no longer an available setting.

 


On Jun 10, 2022, at 11:44 AM, Sandra Streeter <sandrastreeter381@...> wrote:



How do you check whether you have “less secure apps” in operation?

 

 

Sandra

 

Justice without force is powerless; force without justice is tyrannical.

(Blaise Pascal)

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Andy
Sent: Friday, June 10, 2022 1:26 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.

 

Andy

 

----- Original Message -----

From: aaron lane

Sent: Friday, June 10, 2022 9:08 AM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.

 

Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:

I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


 

For those who want to check out "what's what" on the Google side of the equation:

1. Log in to your Google Account directly or log in to any one of the web interfaces for a Google Service (e.g. Gmail, Docs, etc.) that uses a specific account you want to check.

2. If you logged in to a service, then paste the following into the address box in the browser to take you to your account page:  https://myaccount.google.com/ 

3. Navigate to the Security Pane.

4.  Once the Security Pane is up, since almost everything is handled there via links, bring up the links list in your screen reader.  Filter/search for "2-step" which should land you on the 2-Step Verification link, activate it. You will most likely then have Google ask you to log in again since you are trying to access sensitive information.  If so, just fill in your password on the dialog asking you to log in again and then complete sign-in.

5.  On the 2-step verification page will be a button that is one of two things:  Turn On (if it's currently off) or Turn Off (if it's currently on).   If, by chance, it is turned off then if you want to turn it on activate the Turn On button.

If 2-step verification is on it's virtually certain that whenever you set up your Gmail account in any given email client that you were walked through the OAUTH process in order to gain access.   If you want to check to see what third-party apps have access to your account, and for what:

1. Navigate back to the Security Pane initial page.

2. Bring up the links list again, and activate the Manage third-party access link.

3.  I just down arrow through the page, as after the initial headings that tell you about the section itself, you begin landing on the app, followed by the description of what it has acccess to, followed by a more information (hidden from visual view) button.  Lather, rinse, repeat as you keep down arrowing.

Note Well:  Microsoft Outlook is NOT listed as Microsoft Outlook.  Any Microsoft email client, whether Outlook, the Windows Mail App, etc., that's currently supported will show up in that list as Microsoft Apps & Services.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Curtis Chong
 

Tom:

 

If your version of Office is fairly new, you will not be required to turn on two-factor authentication. This is one reason why I, myself, am on the subscription version of Microsoft 365.

 

Kindly,

 

Curtis Chong

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Tom Behler
Sent: Friday, June 10, 2022 12:32 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Interestingly, I haven’t needed to make any changes here with Outlook and my g-mail account.

 

I don’t remember being asked for two-factor authentication, so hopefully, I’ll be prompted for that when the time comes.

 

Is there something I should be doing now?  I’m operating on the basis of the idea that “if it isn’t broken, don’t fix it!”.

 

Am using Microsoft 365 here on a Windows 10 PC.

 

Dr.  Tom Behler

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Curtis Chong
Sent: Friday, June 10, 2022 1:47 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

You can’t anymore. Allow Less Secure Apps is no longer an available setting.

 


On Jun 10, 2022, at 11:44 AM, Sandra Streeter <sandrastreeter381@...> wrote:



How do you check whether you have “less secure apps” in operation?

 

 

Sandra

 

Justice without force is powerless; force without justice is tyrannical.

(Blaise Pascal)

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Andy
Sent: Friday, June 10, 2022 1:26 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.

 

Andy

 

----- Original Message -----

From: aaron lane

Sent: Friday, June 10, 2022 9:08 AM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.

 

Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:

I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Tom Behler
 

Thanks, Curtis.

 

I have Microsoft 365 here, and it just updated the other day, so, from what you say, I guess I’m all set.

 

Thanks again!

 

Tom Behler

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Curtis Chong
Sent: Friday, June 10, 2022 4:05 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Tom:

 

If your version of Office is fairly new, you will not be required to turn on two-factor authentication. This is one reason why I, myself, am on the subscription version of Microsoft 365.

 

Kindly,

 

Curtis Chong

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Tom Behler
Sent: Friday, June 10, 2022 12:32 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Interestingly, I haven’t needed to make any changes here with Outlook and my g-mail account.

 

I don’t remember being asked for two-factor authentication, so hopefully, I’ll be prompted for that when the time comes.

 

Is there something I should be doing now?  I’m operating on the basis of the idea that “if it isn’t broken, don’t fix it!”.

 

Am using Microsoft 365 here on a Windows 10 PC.

 

Dr.  Tom Behler

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Curtis Chong
Sent: Friday, June 10, 2022 1:47 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

You can’t anymore. Allow Less Secure Apps is no longer an available setting.

 


On Jun 10, 2022, at 11:44 AM, Sandra Streeter <sandrastreeter381@...> wrote:



How do you check whether you have “less secure apps” in operation?

 

 

Sandra

 

Justice without force is powerless; force without justice is tyrannical.

(Blaise Pascal)

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Andy
Sent: Friday, June 10, 2022 1:26 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.

 

Andy

 

----- Original Message -----

From: aaron lane

Sent: Friday, June 10, 2022 9:08 AM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.

 

Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:

I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Peter Donahue
 

Hello Curtis and everyone,

 

                We too are using the subscription version of Office 365. So far our G-Mail Accounts are working normally.

 

Peter Donahue

 

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Curtis Chong
Sent: Friday, June 10, 2022 3:05 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Tom:

 

If your version of Office is fairly new, you will not be required to turn on two-factor authentication. This is one reason why I, myself, am on the subscription version of Microsoft 365.

 

Kindly,

 

Curtis Chong

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Tom Behler
Sent: Friday, June 10, 2022 12:32 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Interestingly, I haven’t needed to make any changes here with Outlook and my g-mail account.

 

I don’t remember being asked for two-factor authentication, so hopefully, I’ll be prompted for that when the time comes.

 

Is there something I should be doing now?  I’m operating on the basis of the idea that “if it isn’t broken, don’t fix it!”.

 

Am using Microsoft 365 here on a Windows 10 PC.

 

Dr.  Tom Behler

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Curtis Chong
Sent: Friday, June 10, 2022 1:47 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

You can’t anymore. Allow Less Secure Apps is no longer an available setting.

 


On Jun 10, 2022, at 11:44 AM, Sandra Streeter <sandrastreeter381@...> wrote:



How do you check whether you have “less secure apps” in operation?

 

 

Sandra

 

Justice without force is powerless; force without justice is tyrannical.

(Blaise Pascal)

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Andy
Sent: Friday, June 10, 2022 1:26 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.

 

Andy

 

----- Original Message -----

From: aaron lane

Sent: Friday, June 10, 2022 9:08 AM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.

 

Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:

I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Joseph Machise <josephmachise@...>
 


Curtis can you please tell me about windows7 tried turning it on and my google now even with out turning it on doesn't like the ports in outlook express, what can I do from Joseph, to make google work again 

----- Original Message -----
Sent: Friday, June 10, 2022 4:04 PM
Subject: Re: Gmail and Outlook: Recent Security Conundrums

Tom:

 

If your version of Office is fairly new, you will not be required to turn on two-factor authentication. This is one reason why I, myself, am on the subscription version of Microsoft 365.

 

Kindly,

 

Curtis Chong

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Tom Behler
Sent: Friday, June 10, 2022 12:32 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Interestingly, I haven’t needed to make any changes here with Outlook and my g-mail account.

 

I don’t remember being asked for two-factor authentication, so hopefully, I’ll be prompted for that when the time comes.

 

Is there something I should be doing now?  I’m operating on the basis of the idea that “if it isn’t broken, don’t fix it!”.

 

Am using Microsoft 365 here on a Windows 10 PC.

 

Dr.  Tom Behler

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Curtis Chong
Sent: Friday, June 10, 2022 1:47 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

You can’t anymore. Allow Less Secure Apps is no longer an available setting.

 


On Jun 10, 2022, at 11:44 AM, Sandra Streeter <sandrastreeter381@...> wrote:



How do you check whether you have “less secure apps” in operation?

 

 

Sandra

 

Justice without force is powerless; force without justice is tyrannical.

(Blaise Pascal)

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Andy
Sent: Friday, June 10, 2022 1:26 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.

 

Andy

 

----- Original Message -----

From: aaron lane

Sent: Friday, June 10, 2022 9:08 AM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.

 

Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:

I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Curtis Chong
 

Hello:

 

I need more specifics before I can answer this question. I am gathering that Outlook Express is the email client being used—running on the Windows 7 operating system. This being the case, I would suggest two things to enable Outlook Express to work with the Gmail account.

 

  1. In the Google account itself, turn on two-factor authentication.
  2. Once this is done and verified, generate what Google calls an app-specific password. This is a string of letters and other symbols that are difficult to remember. Once you have obtained this generated password, re-establish the Gmail account in Outlook Express, using the generated password in place of the Google Account password, the latter still working when a person needs access to the account through a web browser.

 

If you want links or references to articles telling you how to do all of this, please feel free to reach out to me.

 

Best regards,

 

Curtis Chong

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Joseph Machise
Sent: Friday, June 10, 2022 5:44 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Curtis can you please tell me about windows7 tried turning it on and my google now even with out turning it on doesn't like the ports in outlook express, what can I do from Joseph, to make google work again 

----- Original Message -----

Sent: Friday, June 10, 2022 4:04 PM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Tom:

 

If your version of Office is fairly new, you will not be required to turn on two-factor authentication. This is one reason why I, myself, am on the subscription version of Microsoft 365.

 

Kindly,

 

Curtis Chong

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Tom Behler
Sent: Friday, June 10, 2022 12:32 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Interestingly, I haven’t needed to make any changes here with Outlook and my g-mail account.

 

I don’t remember being asked for two-factor authentication, so hopefully, I’ll be prompted for that when the time comes.

 

Is there something I should be doing now?  I’m operating on the basis of the idea that “if it isn’t broken, don’t fix it!”.

 

Am using Microsoft 365 here on a Windows 10 PC.

 

Dr.  Tom Behler

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Curtis Chong
Sent: Friday, June 10, 2022 1:47 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

You can’t anymore. Allow Less Secure Apps is no longer an available setting.

 


On Jun 10, 2022, at 11:44 AM, Sandra Streeter <sandrastreeter381@...> wrote:



How do you check whether you have “less secure apps” in operation?

 

 

Sandra

 

Justice without force is powerless; force without justice is tyrannical.

(Blaise Pascal)

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Andy
Sent: Friday, June 10, 2022 1:26 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.

 

Andy

 

----- Original Message -----

From: aaron lane

Sent: Friday, June 10, 2022 9:08 AM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.

 

Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:

I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Joseph Machise <josephmachise@...>
 


hi curtis if I give you my phone can you tandum and help me I had a computer tech from a story work on my computer for a hour and no luck, please write me off list my e-mail off list is josephmachise@... hope you can help from Joseph, all the best. 

----- Original Message -----
Sent: Friday, June 10, 2022 11:03 PM
Subject: Re: Gmail and Outlook: Recent Security Conundrums

Hello:

 

I need more specifics before I can answer this question. I am gathering that Outlook Express is the email client being used—running on the Windows 7 operating system. This being the case, I would suggest two things to enable Outlook Express to work with the Gmail account.

 

  1. In the Google account itself, turn on two-factor authentication.
  2. Once this is done and verified, generate what Google calls an app-specific password. This is a string of letters and other symbols that are difficult to remember. Once you have obtained this generated password, re-establish the Gmail account in Outlook Express, using the generated password in place of the Google Account password, the latter still working when a person needs access to the account through a web browser.

 

If you want links or references to articles telling you how to do all of this, please feel free to reach out to me.

 

Best regards,

 

Curtis Chong

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Joseph Machise
Sent: Friday, June 10, 2022 5:44 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Curtis can you please tell me about windows7 tried turning it on and my google now even with out turning it on doesn't like the ports in outlook express, what can I do from Joseph, to make google work again 

----- Original Message -----

From: Curtis Chong

Sent: Friday, June 10, 2022 4:04 PM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Tom:

 

If your version of Office is fairly new, you will not be required to turn on two-factor authentication. This is one reason why I, myself, am on the subscription version of Microsoft 365.

 

Kindly,

 

Curtis Chong

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Tom Behler
Sent: Friday, June 10, 2022 12:32 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

Interestingly, I haven’t needed to make any changes here with Outlook and my g-mail account.

 

I don’t remember being asked for two-factor authentication, so hopefully, I’ll be prompted for that when the time comes.

 

Is there something I should be doing now?  I’m operating on the basis of the idea that “if it isn’t broken, don’t fix it!”.

 

Am using Microsoft 365 here on a Windows 10 PC.

 

Dr.  Tom Behler

 

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Curtis Chong
Sent: Friday, June 10, 2022 1:47 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

You can’t anymore. Allow Less Secure Apps is no longer an available setting.

 


On Jun 10, 2022, at 11:44 AM, Sandra Streeter <sandrastreeter381@...> wrote:



How do you check whether you have “less secure apps” in operation?

 

 

Sandra

 

Justice without force is powerless; force without justice is tyrannical.

(Blaise Pascal)

 

From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Andy
Sent: Friday, June 10, 2022 1:26 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.

 

Andy

 

----- Original Message -----

From: aaron lane

Sent: Friday, June 10, 2022 9:08 AM

Subject: Re: Gmail and Outlook: Recent Security Conundrums

 

I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.

 

Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:

I have heard that it is not necessary to remove and re-create the Gmail account in all cases.  If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account.  Afterwards you update the account in outlook substituting the app specific password for your old text password.  As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used.  Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys.  Why they never turned this feature on in an Outlook 2013 update I'll never know.  I have a REG script that sets these keys: Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer.  It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit.  Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys.  When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall


Ann Byrne
 

Do I still have to tell GMail to forward mail to IMap, or will it detect that when outlook processes?

At 10:03 PM 6/10/2022, you wrote:

Hello:



I need more specifics before I can answer this question. I am gathering that Outlook Express is the email client being used—running on the Windows 7 operating system. This being the case, I would suggest two things to enable Outlook Express to work with the Gmail account.


* In the Google account itself, turn on two-factor authentication.
* Once this is done and verified, generate what Google calls an app-specific password. This is a string of letters and other symbols that are difficult to remember. Once you have obtained this generated password, re-establish the Gmail account in Outlook Express, using the generated password in place of the Google Account password, the latter still working when a person needs access to the account through a web browser.



If you want links or references to articles telling you how to do all of this, please feel free to reach out to me.



Best regards,



Curtis Chong





From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Joseph Machise
Sent: Friday, June 10, 2022 5:44 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums



Curtis can you please tell me about windows7 tried turning it on and my google now even with out turning it on doesn't like the ports in outlook express, what can I do from Joseph, to make google work again

----- Original Message -----

From: <mailto:chong.curtis@...>Curtis Chong

To: <mailto:main@jfw.groups.io>main@jfw.groups.io

Sent: Friday, June 10, 2022 4:04 PM

Subject: Re: Gmail and Outlook: Recent Security Conundrums



Tom:



If your version of Office is fairly new, you will not be required to turn on two-factor authentication. This is one reason why I, myself, am on the subscription version of Microsoft 365.



Kindly,



Curtis Chong





From: <mailto:main@jfw.groups.io>main@jfw.groups.io <<mailto:main@jfw.groups.io>main@jfw.groups.io> On Behalf Of Tom Behler
Sent: Friday, June 10, 2022 12:32 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums



Interestingly, I haven’t needed to make any changes here with Outlook and my g-mail account.



I don’t remember being asked for two-factor authentication, so hopefully, I’ll be prompted for that when the time comes.



Is there something I should be doing now? I’m operating on the basis of the idea that “if it isn’t broken, don’t fix it!â€&#65533;.



Am using Microsoft 365 here on a Windows 10 PC.



Dr. Tom Behler





From: main@jfw.groups.io <main@jfw.groups.io> On Behalf Of Curtis Chong
Sent: Friday, June 10, 2022 1:47 PM
To: main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums



You can’t anymore. Allow Less Secure Apps is no longer an available setting.




On Jun 10, 2022, at 11:44 AM, Sandra Streeter <<mailto:sandrastreeter381@...>sandrastreeter381@...> wrote:



How do you check whether you have “less secure appsâ€&#65533; in operation?





Sandra



Justice without force is powerless; force without justice is tyrannical.

(Blaise Pascal)



From: <mailto:main@jfw.groups.io>main@jfw.groups.io <<mailto:main@jfw.groups.io>main@jfw.groups.io> On Behalf Of Andy
Sent: Friday, June 10, 2022 1:26 PM
To: <mailto:main@jfw.groups.io>main@jfw.groups.io
Subject: Re: Gmail and Outlook: Recent Security Conundrums



I had no issues with GMAIL on my iPhone, but did on the PC because I was using Outlook Express.



Andy



----- Original Message -----

From: <mailto:ajbd777@...>aaron lane

To: <mailto:main@jfw.groups.io>main@jfw.groups.io

Sent: Friday, June 10, 2022 9:08 AM

Subject: Re: Gmail and Outlook: Recent Security Conundrums



I've not had any issues yet with Thunderbird or my IPhone. I am following this thread, so I know what to do, just in case.



Thanks.

On 6/10/2022 10:50 AM, Brian Vogel wrote:

I have heard that it is not necessary to remove and re-create the Gmail account in all cases. If you have previously been using the "less secure apps" method of accessing the account with email address and actual password, you can go in to your Google Account and generate an app specific password for Outlook and that email account. Afterwards you update the account in outlook substituting the app specific password for your old text password. As previously noted, you have to turn on two-factor authentication for the account.

Personally, I prefer to nuke the account and set it up again if IMAP access has been the access method being used. Outlook 2016 and later walk you through doing the Gmail OAUTH steps and then everything is up to completely modern security protocols.

Outlook 2013 can be set up to use modern security protocols, too, but it requires the additon of 3 registry keys. Why they never turned this feature on in an Outlook 2013 update I'll never know. I have a REG script that sets these keys: <https://drive.google.com/uc?export=download&id=1Uo_EWCwUm9Nky86jxH5_q6Xi5HV0SoE8>Outlook2013ModernAuth.REG
Should you elect to download this, you will get a warning from Google that it cannot be virus scanned and is an executable that could harm your computer. It's a text file containing registry edit commands to set those three keys, and after you download it, should you wish to examine it before running, select the file, bring up the context menu, and choose Edit. Otherwise, if you select the file and activate it then this will fire up the regedit utility which will use the commands in this file to set the three keys. When regedit fires up you will get a UAC dialog (if you have UAC on, and most do) asking if you want to allow changes to be made to your system, to which you must answer, Yes, if you want the registry keys to be added.
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044

Here is a test to find out whether your mission in life is complete. If you’re alive, it isn’t.
~ Lauren Bacall


 

On Sat, Jun 11, 2022 at 12:26 PM, Ann Byrne wrote:
Do I still have to tell GMail to forward mail to IMap, or will it detect that when outlook processes?
-
Ann, I'm not sure what you're asking here, as email was never forwarded to IMAP, although the IMAP and POP settings are under Gmail's Forwarding and POP/IMAP settings page.

Not knowing the age of your account, it's still worth logging in to Gmail webmail and bringing up the settings page to the aforementioned tab and double checking that the Enable IMAP radio button is activated.  But if you didn't set up this account many years ago Gmail has had IMAP access activated by default and that button should be active anyway.

If you don't want to do that, then if you allow Outlook to set the account up autonatically you can then check afterward to see if the IMAP server is being used for incoming messages versus the POP server.  If IMAP access is enabled, Outlook will always default to using IMAP over POP in automatic setup mode.
 
--

Brian - Windows 10, 64-Bit, Version 21H2, Build 19044  

Here is a test to find out whether your mission in life is complete.  If you’re alive, it isn’t.
     ~ Lauren Bacall