Alas, poor Outlook, Gmail has officially bolted and is actively preventing Outlook from connecting, condemning it as a “Less Secure” app.

Oy! The agony, Ohh! The shame!!
Poor Outlook’s out of luck and that’s so lame!

None of this is true, of course, but you wouldn’t know that if you looked around the Outlook help forums I visit… oh, and apologies to Mel Brooks for that horrid takeoff on “The Inquisition”. In truth, all versions of Outlook will work with Gmail once it is given the correct method of authenticating itself. This whole dilemma revolves around one thing: the OAuth2 protocol. Google considers any email client that supports this protocol “Secure” and any email client that does not “Less Secure”. All versions of Outlook prior to 2019 do not support OAuth2 at all; Outlook 2019 and newer DO support OAuth2, but only for IMAP accounts, not POP accounts (Yes, Matilda, people still use POP!).

So, what exactly is OAuth2?

First of all, OAuth2 is an Authorization protocol; it is NOT an Authentication protocol. It is used to verify that you, as an authenticated user, have the authority to access whatever server-stored information you are seeking. Notice that I said “authenticated user”: you must already be authenticated before this protocol even comes into play (more on the authentication part in just a bit, stay tuned). OAuth2 requires that both you and the server share a “Client Secret” that is set up in advance and known to no one else. If your email client supports OAuth2, this secret is set up automatically when the account is added to the client and neither you nor anyone else has access to it. If the client does not support OAuth2, the secret must be set up manually. This manually created secret is commonly known as an Application Specific Password, or App Password for short. These secrets are one-shot affairs: they can’t be moved or re-used, they can only be replaced. On the plus side, they never expire and are good forever unless the Gmail account is deleted from whatever email app it’s being used with (Outlook, in this case). The actual transaction between the email client and the server goes something like this:

Client: “Hey Gmail, I want my email. Here’s my authenticated user ID and my ‘Client Secret’; please send me the key to my mailbox.”
Gmail Authorize: “Hi client, I’m the authorization service, let me run your credentials by the email service. If they’re good, I’ll be right back with your key.”
Gmail Authorize: “Hey email service, I’ve got a key request, are these credentials good?”
Gmail Email: “Hey authorization service, yes, good credentials, give the client a key.”
Gmail Authorize: “Hey client, here’s your key.”
Client: “Thanks! Hey Gmail Email, send me my stuff, please, here’s my key.”
Gmail Email: “Here you go…”

Authentication FIRST!!

I’ve mentioned Authentication several times so far; you MUST be authenticated first. With an OAuth2-enabled client, the server and client handle this for you. In Gmail’s case, you’ll be asked to authenticate through Google as part of the account creation process. Without OAuth2 support in the client, Gmail, Yahoo, and others now want extra security to make sure you are really you. They do this by requiring 2-Step Authentication, and they will not even let you see the App Password generator until you enable it. That way only YOU have access to the App Password generated for YOUR email account.

How do I make Outlook work with Gmail?

This is actually the easy part. If you have Outlook 2016 or earlier, go to your Google account, turn on 2-Step Verification, and then generate an App Password. Open Outlook, bring up your Gmail account in Account Settings, and replace the existing password with the 16-digit App Password you just generated. You’ll need to do this for both POP and IMAP accounts. If you have Outlook 2019 or later, you only need to do this for POP accounts, since these versions support OAuth2 with IMAP accounts.
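The last step of the login, as an added example (not code from this post, Outlook, or Google): what an IMAP client puts on the wire when it presents the OAuth2 “key” using Google's XOAUTH2 SASL mechanism, next to what it sends when it logs in with an App Password. The use of SASL PLAIN for the App Password case is an assumption, and the address, token and password are constructed sample values.

```python
import base64

SOH = "\x01"  # field separator in Google's XOAUTH2 SASL format
NUL = "\x00"  # field separator in SASL PLAIN (RFC 4616)

def xoauth2_response(user: str, access_token: str) -> str:
    """OAuth2 path: the short-lived 'key' (access token) is what gets sent."""
    raw = f"user={user}{SOH}auth=Bearer {access_token}{SOH}{SOH}"
    return base64.b64encode(raw.encode()).decode()

def plain_response(user: str, app_password: str) -> str:
    """App Password path: the long-lived password itself is sent at each login."""
    # Assumption: spaces shown between groups are display-only and are dropped.
    raw = f"{NUL}{user}{NUL}{app_password.replace(' ', '')}"
    return base64.b64encode(raw.encode()).decode()

def describe(mechanism: str, payload_b64: str) -> dict:
    """Decode a SASL initial response; report its credential type, never the secret."""
    raw = base64.b64decode(payload_b64, validate=True).decode()
    if mechanism == "XOAUTH2":
        fields = dict(part.split("=", 1) for part in raw.split(SOH) if part)
        scheme, _, token = fields["auth"].partition(" ")
        if scheme != "Bearer" or not token:
            raise ValueError("XOAUTH2 payload must carry a Bearer token")
        return {"user": fields["user"], "credential": "oauth2-access-token",
                "secret_len": len(token)}
    if mechanism == "PLAIN":
        _authzid, authcid, password = raw.split(NUL)
        return {"user": authcid, "credential": "static-password",
                "secret_len": len(password)}
    raise ValueError(f"unsupported SASL mechanism: {mechanism}")

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    user = "someone@example.com"
    for mech, payload in (
        ("XOAUTH2", xoauth2_response(user, "CONSTRUCTED_ACCESS_TOKEN")),
        ("PLAIN", plain_response(user, "abcd efgh ijkl mnop")),
    ):
        print(f"AUTHENTICATE {mech} {payload}")
        print("   ", describe(mech, payload))
```

Both payloads are only base64-encoded, so the TLS connection to the mail server is what keeps them private. The difference is in what leaks if one is captured: a token that expires, or a password that stays valid until it is replaced.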

Well now, that wasn't so hard, was it?  With just a few fairly simple steps, Outlook and Gmail will once again be a happy couple.