It happens to me all the time. I used to use Gmail API to send mail (personal hobby app, to my own account). Every now and then Gmail would randomly refuse to authenticate through the API because of unsafe or suspicious access or some other BS. Then I would need to jump through some hoops (log in manually though browser, toggle on/off the "allow less secure app" setting, the disable unlock captcha setting, and it would work again for a while before acting up again.
I don't think depreciating the use of "Give your Google account password to $app" or "Give $app a fixed never expiring key that's as good as your password" unless you explicitly enable it is particularly user hostile.
If you used the Gmail API https://developers.google.com/gmail/api and client that supports OAuth instead of SMTP with username/password you wouldn't really run into this problem.
Yeah it kind of sucks for hobbyists because it's not as simple as sending an SMTP email but that's more to do with the lack of good tooling than something fundamental.
