Open your gmail account in a browser, click the colored circle top-right with the first letter of your name, in the window that opens click on Manage your account.
Then in the search bar on top of the page type “app password”. In the app password section generate a password. Copy and paste that in the Kmail account settings (Receiving mail) instead of your own password which will not be needed anymore.
I am not entirely sure if you also have to use it for sending e-mail, but if sending mail still doesn’t work then also paste it in the Sending mail part of the settings.
Somehow Gmail thinks Kmail to be an insecure mail-client and therefore you need a generated (by Gmail) password which makes it secure. How? I have no idea.
Earlier this year I had a discussion about Kmail on the discuss.KDE.org forum and Nate Graham (KDE) wrote:
Often what ends up happening is that a piece of software affected by human problems eventually gets abandoned as development resources organically shift to an internally-developed alternative that was created largely for the purpose of having different people behind it–or just abandon internal efforts in favor of a 3rd-party solution. It’s happened before with KOffice and Amarok, and I feel like I slowly see it happening with KMail too.
Maybe it is better to stay with Thunderbird, I made the change to Thunderbird when I read this coming from Nate and I must say, I hadn’t used Thunderbird in many years, but it works great.