Google plans to implement new password rules for Gmail users, particularly for those using third-party applications. Google will no longer support basic username and password sign-ins for apps using older authentication methods. This is as from 30th September 2024.
Google is discontinuing support for Less Secure Apps, a less secure authentication method. To continue using third-party apps with Google accounts, users will need to switch to the more secure OAuth.
This change aims to enhance account security.
Key Changes and recommendations
- End of Support for Less Secure Apps:
- Users of apps that rely solely on username and password authentication will be unable to access Gmail after the cutoff date. This affects older versions of email clients like Outlook 2016 and earlier.
- Move to OAuth 2.0:
- Google recommends that users transition to OAuth 2.0 for authentication, which does not require sharing passwords and offers improved security through token-based access. This method allows users to control app permissions more effectively.
- App Passwords:
- For those who still need to connect older apps that do not support OAuth, Google allows the creation of app passwords. These are 16-digit codes that provide access to Google accounts but require enabling two-step verification first(gHacks Technology News).
- Updating Applications:
- Users are encouraged to update their applications to versions that support OAuth. For example, switching to Microsoft 365 or using the new Outlook for Windows or Mac is advisable.
- Review Security Settings:
- Users should log into their Google Workspace account and check their security settings to ensure they comply with the new rules. This includes looking for the “App Passwords” section to manage and update applications.
Recently, Google has been focused on improving security features throughout the month. It has introduced new protections for users of its Chrome web browser on various platforms, including Windows, macOS, Linux, and Android. One of the key updates involves Gmail password security. This transition means that older protocols such as CalDAV, CardDAV, IMAP, POP, and Google Sync will no longer support password-based logins.