Google Less Secure Apps Access. The most the thief can see are the messages stored on the device locally. Generally, you should only allow your users to use external apps that connect to google accounts via oauth, as lsas make user accounts more vulnerable to hijacking.
If the email account is on g suite / google workspace, the less secure apps access may be locked in the admin. Even a thief who immediately accesses the device, before the token is revoked, will not be able to recover your original password from the device. This is the solution to this issue, especially if you still received a “this setting is managed by your domain administrator.” even if you do manage to get to the “enable less secure apps” page.
The most the thief can see are the messages stored on the device locally.
What is a less secure app (lsa)? I currently use windows live mail for my gmail account and i have done for some time. Enable the less secure features: Click the security menu item on left, then scroll down on right and click the turn on access (not recommended) link under the less secure app access section in right.