535 5.7.8 Username and Password Not Accepted (Gmail SMTP)

Gmail's SMTP server rejects your login because it no longer accepts a plain account password.

What you see

535-5.7.8 Username and Password not accepted. Learn more at
535 5.7.8 https://support.google.com/mail/?p=BadCredentials

What’s actually happening

Outgoing mail stops and your app/plugin logs this 535 right after AUTH. Nothing changed in your code — Google tightened auth, or someone rotated the account password. Test emails from a WP SMTP plugin or a cron mailer fail while the inbox itself works fine in a browser.

Common causes

  • You're sending the regular Google account password; Gmail SMTP requires a 16-character App Password when 2-Step Verification is on.
  • The App Password was revoked, or the account password changed (which invalidates all existing App Passwords).
  • 'Less secure app access' was used previously and Google has now removed that option entirely.
  • 2-Step Verification is off, so the App Password option isn't even available to generate.
  • Wrong username: using an alias or display name instead of the full Gmail / Workspace address.

How to fix it

  1. Generate an App Password
     Turn on 2-Step Verification at myaccount.google.com/security, then go to App Passwords, create one for 'Mail', and paste the 16 characters (no spaces) as the SMTP password. Username stays the full email.
  2. Use the correct SMTP settings
     Host smtp.gmail.com, port 587 with STARTTLS (or 465 with SSL), username = full Gmail/Workspace address, password = the App Password. Confirm the port matches the encryption your client requests.
  3. Regenerate after any password change
     If the account password was reset, every App Password died with it. Create a fresh App Password and update it everywhere: plugin, cron job, app config.
  4. Move to OAuth2 for production
     For anything long-lived, configure OAuth2 (Gmail API or XOAUTH2) instead of an App Password. Plugins like WP Mail SMTP and Post SMTP have a Google/Gmail OAuth option that survives password changes.
  5. Check Workspace admin restrictions
     On Google Workspace, an admin policy can block App Passwords or less-secure access org-wide. In Admin Console > Security, confirm App Passwords are allowed for the user or switch to OAuth.
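
The checks from steps 1 to 3 can be run before a mailer is deployed. The script below is an added example, not code from the original page: it validates the username, password shape and port/encryption pairing offline, then attempts AUTH only and maps a 535 5.7.8 reply to the fix. The function names and the two environment variable names are assumptions made for this example, and the 16-character length test is a heuristic.

```python
import os
import re
import smtplib
import ssl

# Port/encryption pairs from step 2; a mismatch fails before AUTH is reached.
TRANSPORT = {587: "starttls", 465: "ssl"}

def preflight(username, password, port, transport):
    """Return config problems that can be caught without contacting Gmail."""
    problems = []
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", username):
        problems.append("username must be the full email address")
    # Heuristic: App Passwords are 16 characters once display spaces are removed.
    if len(password.replace(" ", "")) != 16:
        problems.append("password is not 16 characters; likely not an App Password")
    if TRANSPORT.get(port) != transport:
        problems.append(f"port {port} does not match transport {transport!r}")
    return problems

def explain_auth_error(code, message):
    """Map the server reply to the remediation this page describes."""
    text = message.decode(errors="replace") if isinstance(message, bytes) else message
    if code == 535 and "5.7.8" in text:
        return "535 5.7.8: credentials rejected; regenerate the App Password or use OAuth2"
    return f"unexpected SMTP reply {code}: {text}"

def check_login(username, password, port=587, transport="starttls", host="smtp.gmail.com"):
    """Run preflight, then attempt AUTH only; no message is sent."""
    problems = preflight(username, password, port, transport)
    if problems:
        return problems
    ctx = ssl.create_default_context()  # verifies the server certificate
    try:
        server = (smtplib.SMTP_SSL(host, port, context=ctx, timeout=15) if transport == "ssl"
                  else smtplib.SMTP(host, port, timeout=15))
        with server:
            if transport == "starttls":
                server.starttls(context=ctx)
            server.login(username, password.replace(" ", ""))
    except smtplib.SMTPAuthenticationError as exc:
        return [explain_auth_error(exc.smtp_code, exc.smtp_error)]
    return []

if __name__ == "__main__":
    # Hypothetical variable names; populate them from your secrets manager.
    user, secret = os.environ["GMAIL_SMTP_USER"], os.environ["GMAIL_SMTP_APP_PASSWORD"]
    print(check_login(user, secret) or "AUTH accepted")
```

An empty list means Gmail accepted the credentials; connection or TLS failures are raised as exceptions rather than reported as auth problems.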

Stop it recurring

Use OAuth2 or a dedicated App Password stored in a secrets manager so a routine account-password change doesn't silently break sending.
