Google G Suite, OAuth, & Less Secure Apps
June 15th, 2020 has come and gone. This means that if you wish to use Gmail or Google G Suite to send email from your Joomla! website you must do so using an "Application Specific Password". Keep reading to learn how to do this.
Most likely, if you are reading this, it is because you use G Suite for your domain email and you received an email from Google stating that they "will be turning off access to less secure apps (LSA)" in 2 stages. The first stage will be June 15th, 2020 so users who try to connect to an LSA for the first time will not be able to. The email also said "Starting February 15, 2021, G Suite accounts will only allow access to apps using OAuth. Password-based access will no longer be supported". Now, you're probably left wondering if your Joomla website will still be able to send mail through your G Suite account because there is no interface in Joomla's Global Configuration for OAuth.
You're not alone. The wording of the email G Suite sent has left many people confused, particularly due to the fact that it says it will "only allow access to apps using OAuth" and that "Password-based access will no longer be supported". What they do not mention in the email is that an App Password uses a sub-protocol of OAuth. So even though an Application Specific Password is a password, and they say "password-based access will no longer be supported", sending mail from your Joomla website via G Suite with an App Password will work.
The solution is to create an App Password. The ability to create an App Password is only available if you turn on Two-Step Verification (2-SV), also know as two-factor authentication (2FA). It is important to note that once you have enabled 2-SV, it will automatically turn off access to Less Secure Apps which means the contact form will fail to send messages. This means that before you enable 2-SV in your G Suite account you need to be ready to enter the App Password in "Global Configuration > Server > Mail Settings > SMTP Password". Failure to do so will cause the contact form to stop working.
When enabling 2-SV you have the option to receive prompts on your smartphone as well as receive 2-SV codes via text message. However, you can also use an "Authenticator App". We recommend using the Authy App over Google Authenticator. You can read our knowledge base article covering this topic called Two-Factor Authentication for more information.
If you need to know how to setup Google G Suite as your mail server for Joomla! you can follow the instructions outlined in the Joomla! documentation linked below. The link describes how to use Gmail as your mail server but the instructions work for G Suite as well.
For reference, we have included the email from Google's G Suite department. Click the slider below to read the original email.