As part of ongoing efforts to enhance security, Google will discontinue support for basic username and password sign-ins for third-party applications starting from 30th September 2024. This change is particularly aimed at Less Secure Apps (LSAs) that rely on older, less secure authentication methods, such as username and password logins.
Key Changes and Recommendations:
- End of Support for Less Secure Apps:
- Google will no longer support apps that use basic sign-in methods, affecting older versions of email clients like Outlook 2016 and earlier. These clients will lose access to Gmail unless updated.
- Move to OAuth 2.0:
- Google recommends users transition to OAuth 2.0, a more secure authentication method. OAuth allows users to authenticate without sharing their passwords and provides token-based access, enhancing security and allowing better control over app permissions.
- App Passwords:
- For users of older apps that don’t support OAuth, Google offers app passwords—16-digit codes that can be used to access Google accounts after enabling two-step verification. This ensures older apps can still connect while maintaining a higher security standard.
- Update Applications:
- Users are advised to update their applications to versions that support OAuth. Google suggests using more secure clients like Microsoft 365 or the latest versions of Outlook for Windows or Mac.
- Review Security Settings:
- To prepare for these changes, users should log into their Google Workspace account to review their security settings. This includes managing app passwords and ensuring compliance with the new requirements.
Gmail’s Security Push:
This transition affects older protocols like IMAP, POP, CalDAV, CardDAV, and Google Sync, which will no longer support password-based logins. In conjunction with these changes, Google has also rolled out new protections across its platforms, including for Chrome web browser users, to further safeguard account security.
By moving towards OAuth 2.0, Google aims to reduce account vulnerabilities and streamline secure access for third-party apps, making user accounts less susceptible to hacking attempts and unauthorized access.
