This website explains how to set and check the Less Secure App for KUMail (Gmail for faculty and staff at Kyoto University) account.
Hereafter, "KUMail (Gmail for faculty and staff at Kyoto University)" will be referred to as "GWS" and "Less Secure App (LSA)" will be referred to as "LSA".
Overview (June 2024)
GWS has been in operation since February 2019 (*1), and LSA can be enabled individually for compatibility with old applications (email software) and services. However, LSA will no longer be available after September 30, 2024 (*2). Therefore, please review and adjust your settings to ensure LSA is not used.
Risks of enabling this setting has been pointed out for some time, and its use is not recommended.
There have also been incidents on campus that seem to have abused this setting (*3).
( *1)
What is KUMail?
(https://www.iimc.kyoto-u.ac.jp/en/services/mail/kumail/)
Since February 18, 2019, KUMail has been powered by Gmail.
(*2)
Beginning September 30, 2024: third-party apps that use only a password to access Google Accounts and Google Sync will no longer be supported
(https://workspaceupdates.googleblog.com/2023/09/winding-down-google-sync-and-less-secure-apps-support.html)
Beginning September 30, 2024:Access to LSAs will be turned off for all Google Workspace accounts.
(*3)
[For internal use, title omitted]
( https://ku1.cybozu.com/g/bulletin/view.csp?aid=14883 )
Prerequisites and precautions
LSA is "OFF" by default, and users can change it yourself.
This setting is changed by yourself. "why, how, for what reason it is valid," "where the impact is," are not understood by administrators side.
GWS administrators can check the LSA usage status, but cannot change individual settings.
If you do not use old applications (email software) or services , or if you have not changed the sender, change LSA to "OFF" .
If you continue to use old applications (email software) and services, please consider using "App passwords" instead of LSA (*4).
If you want to use "App passwords", you need to enable "2-Step Verification".
If you enable "2-Step Verification", change "LSA(to OFF)" first .
"2-Step Verification" can be enabled or disabled, but if disabled, "2-Step Verification" and "App passwords" will be initialized.
When changing the sender from "Email for faculty and staff KUMail (Gmail)", "App passwords" may be required.
"App passwords" is not required if you set the sender as a secondary group address (@mail2.adm.kyoto-u.ac.jp).
If you change the sender to a departmental address and there is no departmental mail transmission server that can be accessed from off-campus, you will need an "App passwords" (*5).
If the sender of "Email for faculty and staff KUMail (Gmail)" has been changed and LSA is used for that setting, disabling LSA will result in the inability to send emails from that sender.
If sent via the web, the following error occur.
** Message not delivered **
You're sending this from a different address or alias using the 'Send mail as' feature. The settings for your 'Send mail as' account are misconfigured or out of date. Check those settings and try resending.
Please be mindful of the time required for the task if you plan to switch to "App passwords."
(*4)
Sign in with App Passwords
(https://support.google.com/accounts/answer/185833?hl=en)
(*5)
Add another sender address (From address)
(https://sites.google.com/kyoto-u.ac.jp/kumailstart-en/add-from)
【Limited on-Campus】IMAP/SMTP server settings (https://www.iimc.kyoto-u.ac.jp/en/services/mail/kumail/use/newkumailimapsmtp.html)
List of Domains for email hosting service. (https://ku2.viewer.kintoneapp.com/public/2e33a5099976b00dde8fdfe0f9a62624736045dac22983a8a1adf985a037fe21/)
How to check and change settings
In order to access "A" to "E" below, it is necessary to be able to refer to "KUMail (Gmail for faculty and staff at Kyoto University)" (logged in via the Kyoto University Integrated Authentication System).
Each connection destination
A) Google Account - Access for less secure apps ( https://myaccount.google.com/lesssecureapps )
If LSA is enabled, "Allow less secure apps: ON" is displayed as shown in this image.
B) Google Account - 2-Step Verification ( https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome )
"2-Step Verification" settings of your account.C) Google Account - App passwords ( https://myaccount.google.com/apppasswords )
"App passwords" settings of your account.
This setting is not available for accounts with 2-Step Verification disabled.D)Google Account - Sender verification ( https://mail.google.com/mail/u/0/?tab=#settings/accounts )
This is the sender's settings( "Send mail as: " ).
E) Google Account - Logout ( https://accounts.google.com/Logout )
If you are logged into multiple accounts such as faculty email and personal Gmail, the operation may not proceed smoothly.
In such a case, please access the above address, log out completely from all accounts, and log in again with the corresponding account.
Checking and changing settings
Sender verification
Please access "D)Google Account - Sender verification" and confirm that no other sender than KUMail (Gmail) is set.
If "Mail is sent through: smtp.gmail.com" is displayed, it is possible that LSA is being used.
There is no visible distinction between using "LSA" and using "App passwords", so it is necessary to disable the setting and send an email to confirm whether LSA is being used or not.Check "App passwords" settings of your account
1st go to "C) Google Account - App passwords"
2nd check if "App password" is set.
If you see "You don't have any app passwords." or "The setting you are looking for is not available for your account."
you haven't set an "App passwords".If "App passwords" is not set
1st go to "A) Google Account - Access for less secure apps "
2nd check "Allow less secure apps"
if you do not want to use it, set it to "OFF". change .If "App passwords" is set
1st go to " B) Google Account - 2-Step Verification "
2nd select "GO TO SETTINGS" and then turn "2-Step Verification" to "TURN OFF"
3rd go to "A) Google Account - Access for less secure apps "
4th check "Less secure app access"
if you do not want to use it, set it to "OFF". change .
* When "2-Step Verification" is "TURN OFF", "2-Step Verification" and "App passwords" are initialized.
If you use "2-Step Verification" again, or if you use "App passwords", you will need to set them again.