X

If You Don't Update Security, You Lose Access To Gmail Sept. 30

This forthcoming change impacts all Google Workspace customers, Google said.

The short version: You have less than a month, and no, it's not optional. Via Forbes:

Hot on the heels of a warning about a dramatic rise in the number of attacks targeting Gmail users, comes a timely reminder that Google is about to force Google Workspace users into taking security more seriously. Starting September 30, access to your Gmail account from “less secure apps, third-party apps, or devices that only require a username and password to sign in” will no longer be supported. This latest move is part of an effort to stamp out what Google refers to as an “antiquated sign-in method,” one that puts Gmail users at greater risk of compromise from those who seek unauthorized access to your Google account as it involves sharing your credentials with third-party apps and devices. This forthcoming change impacts all Google Workspace customers, Google said.

Google made it clear that support for what it calls less secure apps, along with Google Sync, would be dropped in a Google Workspace update posted almost exactly a year ago. The decision to tighten up authentication security in this way was first suggested in December 2019 but, with the impact of Covid taken into account, was suspended in March the following year. Now the deadline for getting your Gmail, plus Calendar and Contact accounts, in order is fast approaching.

Although it might appear that Google is making your life harder, in fact, it’s taking a common-sense approach to the problem of account authentication, which will effectively shrink the threat landscape as it applies to your Gmail account. I cannot emphasize enough how much of a good thing this is and how we should be applauding Google for finally stepping up and addressing the less secure apps issue. Indeed, this follows on from the April 1 implementation of stricter authentication requirements for bulk senders of email to Gmail accounts so as to reduce the volume of malicious spam traffic for users.

Access to all such less secure apps will be discontinued from September 30 unless more secure access is used, Google said: “You will need to login with a more secure type of access called OAuth.” This applies to all Google Workspace accounts, with CalDAV, CardDAV, IMAP, POP and Google Sync all no longer supporting just a password-based login credential.

Editor's Note (Karoli): I recommend clicking through the article for a more complete description of what apps they'll block, but two main ones are Apple Mail and Outlook 2016. If you're using Apple mail to access your GMail account, you should ensure you're signing in with Google instead of just your username and password. Outlook users should update to Outlook for Mac or PC in Office 365. There are other apps affected too, but these will be the main ones for most people.

More C&L
Loading ...