Google has revealed important modifications to its password guidelines for Google Workspace, aimed at enhancing user safety and protecting against unauthorized access. The tech giant is phasing out support for Less Secure Apps (LSAs), which need users to share their Google username and password with third-party applications.
Google stated that “LSAs put users at more risk since they need to share Google Account details with third-party apps and devices, which can make it easier for bad actors to gain unauthorized access to their accounts.” Recently, the National Institute of Standards and Technology (NIST) has released updated policies for password protection, marking a notable shift from traditional password practices.
Google Workspace Updates Timeline
June 15, 2024:
- LSA settings will be terminated from the Admin console
- IMAP enable/disable settings will be removed from users’ Gmail settings
- New users will not be able to link to Google Workspace through Google Sync
September 30, 2024:
- Access to LSAs will be completely turned off for all Google Workspace accounts
- CalDAV, CardDAV, IMAP, POP, and Google Sync will require OAuth authentication
- Existing Google Sync users will fail to connect to Google Workspace.
Effects on Users and Administrators
These modifications will impact both end-users and administrators of Google Workspace accounts. Users will need to transition to more protected authentication techniques, especially OAuth, to resume accessing their funds through third-party apps and devices.
Supervisors are instructed to prepare their associations for this change by:
- Notifying users about upcoming changes
- Delivering advice on changing to OAuth-compatible applications
- Checking and updating Mobile Device Management (MDM) setups
Google suggests many options for users and associations impacted by these changes:
For Email Applications:
- Relocate to Microsoft 365 or newer interpretations of Outlook that support OAuth
- Use Google Workspace Sync for Microsoft Outlook
- Reconfigure email customers to utilize IMAP with OAuth
For Calendar and Contacts:
- Switch to the Google Calendar app
- Dismiss and re-add accounts on iOS and macOS devices, choosing “Sign in with Google” for OAuth authentication.
Considerations for Developers
Third-party application designers are required to modernize their products to support OAuth 2.0 and keep compatibility with Google Workspace accounts. Google has provided developer directions to help with this change. These transformations reflect Google’s ongoing dedication to improving user safety and aligning with modern authentication measures. By shifting away from password-only access strategies, Google desires to decrease the chance of unauthorized access and safeguard users’ confidential data.