NodemailerError - Invalid login: 535-5.7.8 Username and Password not accepted

I’ve been trying to setup a simple OTP verification system on my webpage using Nodemailer module, the whole code is a bit long, so here is a reproducible example,

Here is the whole project:!/mcve?path=server.js%3A1%3A0

The above code outputs the following error:

Error: Error: Invalid login: 534-5.7.14
534-5.7.14 Please log in via your web browser and then try again.
534-5.7.14 Learn more at
534 5.7.14 q130sm13278448qke.80 - gsmtp

code: ‘EAUTH’,
response: '534-5.7.14 ’ +\n’ +
‘534-5.7.14 Please log in via your web browser and then try again.\n’ +
'534-5.7.14 Learn more at\n534 5.7.14 ’ +
' q130sm13278448qke.80 - ’ +
responseCode: 534,
command: ‘AUTH PLAIN’

However, it sometimes gets logged in mysteriously and I get “success!” message.
How to fix it?

I’m no nodemailer expert but a quick Google search pulled up something rather interesting I think. Maybe instead of using

let trans = nm.createTransport({
    host: '',
    port: 465,
    secure: true, // use SSL
    auth: {
        user: process.env.EMAIL,
        pass: process.env.PASS

try using

let trans = nm.createTransport({
    service: 'gmail',
    auth: {
        user: process.env.EMAIL,
        pass: process.env.PASS

as suggested by this article. Seems like maybe nodemailer has some preset for gmail in which case configuring it may be handled for you…

I guess that you’ve not read the whole question, I’ve mentioned in the bottom that I’ve tried service: 'gmail' part too.
However, I’d again tried changing my mcve, but nothing changed up.

Meanwhile, I was watching this video:
and it only says to turn on “less security”, which I’ve already done…

1 Like

@vrintle, I’ve had my fair share of Nodemailer + Gmail, and let me tell you that Gmail isn’t meant for Nodemailer as Gmail is super duper security protected. If you really want to use Gmail with Nodemail, I suggest you use Gmail oAuth, which also allows you to turn off access for less-secure apps. oAuth also doesn’t require password. Instructions on how to us Gmail oAuth with Nodemailer:

Make sure to store the various tokens in you .env file!

Demo: built using the same tutorial:

1 Like

@FlantasticDan, I removed that error, but now a new error persists. The previous error was removed by just “turning on less-security”, which I’ve done multiple times, but actually it was not turned on. But strangely, it has been turned on now :alien:

@khalby786, If that service is free-of-cost, I’ll sure have a look, thanks! :smiley:

1 Like

Yes, the service is completely free of cost!

1 Like

Thanks a lot, man. I created my first user-system based site:
using OAuth2 API, it is wonderful API and easy to use. :smiley:

I’ll mark your answer as “solution” within 24 hrs, if no solution to original question comes up.

1 Like

This worked for me too.

I just turned it off and then turned the less secure enabled back on.
And all the issue resolved after debugging of 2 hours -_-

1 Like

Hey @ahmad-punch,

Thanks for contribuiting!

Just note that bumping threads should not be practiced, if you enjoyed a solution, please use the :heart: button.