Skip to main content

Meanwhile, I get the same email when I try to check my email with the built-in email client on my flip phone that doesn't run Android. Gee, I wonder why?

Ahh, I may be able to answer that one. Do you have "less secure apps" disabled in your Google Security Settings? That's basically Google-speak for "apps that require your username and password to log in" (as opposed to using the "Sign in with Google" button or equivalent). Disabling it should allow you to log in.

Of course, you should be aware of the security trade-off: basically, you're giving apps your Google password, so they can (theoretically) steal your password, sign into your account, and wreak havoc. This is no more risky than using any other app for any other password-based sign-in, but people tend to depend a lot more on Google (Drive, Gmail, Photos, Contacts, etc.) which would all be at risk if your password gets stolen. That's why Google has disabled it by default, instead using the OAuth-based login where you sign in via Google's web page and give the app limited access to a fixed set of permissions.

That said, Google can detect suspicious activity even with "less secure apps" enabled—so as long as you're careful with your password and only... show more

I do have the "allow less secure apps" thing enabled -- I need it to use literally any desktop email client that I could possibly use since Google thinks they're all not secure. I don't see why *disabling* it would allow me to sign in on what is pretty much just the same thing but on a flip phone...

As for the security thing: I use Free (as in speech) Software exclusively and tend to stick with software which has a large community around it, so I would argue that as long as I have my email client set to use an encrypted connection (preferably with TLS), I'm fairly secure regardless of what Google thinks. No security is absolute anyway, not even OAuth.

I can't really speak for the security of my flip phone, I doubt it's fully open source. I tried using it exactly once for email when I really needed to access my email in public and didn't have my laptop with me -- not that it did me any good since Google blocked it as "suspicious". I was trying to imply that the reason Google blocked it was probably because it wasn't a Google-approved device (e.g. those running Android).

Oh, I see. In that case you already know all about it.

The reason I got the notification just now was, I gave my credentials to the hot-chilli service to set up an XMPP bridge. Google blocked it and asked "was this you?"; when I said "yes, it was me" and tried again it worked. You could see if that works. But I wouldn't be surprised if Google is also blocking access for non-Google-approved devices as you said. They're certainly trying very hard (calling it "less secure apps" and all).

The problem with telling Google "this was me" is having web access, which is marginal at best on a flip phone. I really only wanted it for a telephone anyway, and this was a one-off event for me.

Personally, I don't trust a company that's into tracking me and using me as their product to tell me what's secure and what's not...