Gmail - doogie not secure?

  1. 4 months ago

    I've set up Doggie to interact with a Gmail account, following the instructions given. However, I couldn't get it to log in, with Doogie claiming 'incorrect credentials'. Looking at Gmail via a browser showed me that a 'nonsecure application' tried to access Gmail. OK, I've now allowed 'less secure apps' in the Gmail account and it works. But - I'm a bit uncomfortable with doing this, as Google tells me I'm at greater risk of having the account compromised. Any comments? Is Doogie 'insecure'? Or is Google paranoid! And - is there any way that Doggie can be made a 'secure app' if it really is a problem? Many thanks!

  2. Chuck

    Jan 1 Test Pilot

    This may or may not be related, but Google changed to 2-factor authentification last November. Not sure DoogiePIM has adjusted.

  3. Thanks, Chuck. I believe that 2FA isn't mandatory. I certainly know it is available, and I use it with my main account, but I thought it was an option? There appear to be other factors in play?

  4. Chuck

    Jan 2 Test Pilot

    Seems like its progressing to mandatory with some options: https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/

  5. Chris

    Jan 2 Developer, Moderator, Test Pilot

    At the moment, to use Gmail you need to set up an "App Password" for doogie. This means you only give one special password to doogie and NOT your main Google password. This requires 2FA to also be set up.

    Google regards any access that uses only a username and password as a "less secure app". This is obviously subjective to their own system. This kind of phrasing is used to create fear into people so you would be more aware of your account access. You still have to use a username and password to log into a basic Google account. They are making moves to have only Cloud based access and will eventually remove the "password" component of the login. A crazy move, in my opinion.

    I am working on some systems that talk nicely with Google but their way of doing something simple is crazy, required far more personal details than needed.

    I hope 2022 will be great for you all.

    Speak to you soon.... literally ;)

  6. Thanks to both of you for those very valuable comments. I guess Gooogle is 'playing safe' and given the poor practices of many - most? -users, probably a wise approach! I'll check out what the implications are later. One other - probably dumb? - question. The specific Gmail account I am using is one that I have had for a few years, although hardly used. This means there are about 30 or more messages in the inbox - yet only the latest two (from setting it up) are showing in Doogie. Is there a setting to allow Doggie to see all the messages in that account? Many thanks again.

  7. Any comments on my query about being able to see all the received messages in the GMail account in-box and not just the latest few? Many thanks!

  8. Chris

    Jan 7 Developer, Moderator, Test Pilot

    You could try checking the Google settings for IMAP or POP3 and see if it's enabled for "All email" or "Only Email from now".

    -image-

  9. Thanks Chris. Yes, I checked that and it is exactly as you suggest. There's actually no specific setting for IMAP - only POP. But however, it didn't make any difference. If I look at the GMail account in a browser, I can see about 60 emails going back to 2007 (when I created the account), But in Doogie, only about 9 - dating to the day I set it up. Nothing before. It's not important - just seems a bit strange that it doesn't bring down all those others? But thanks for the reply - much appreciated.

  10. 2 months ago

    Hi Chris - yet another extension of this ongoing issue. I've had an email from Google "On May 30, you may lose access to apps that are using less secure sign-in technology. To help keep your account secure, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. Instead, you’ll need to sign in using Sign in with Google or other more secure technologies, like OAuth 2.0"

    So, the question is - should I be concerned? Is this merely a repeat of the issues before, or will it require a subtle change to the way Doogie handles Gmail sign in? And if so, is that change being looked at? Thanks for all your assistance! Mike

  11. Chris

    Mar 18 Developer, Moderator, Test Pilot

    Just a repeat of before. App Passwords will be removed which is why doogie will be OAuth 2.0 compatible by then.

    Some exciting features are coming in v3 so stay tuned in May. ;)

 

or Sign Up to reply!