Google has announced significant changes to its password policies for Google Workspace, aimed at improving user security and protecting against unauthorized access.
The tech giant is phasing out support for Less Secure Apps (LSAs), which require users to share their Google username and password with third-party applications.
Google said that “LSAs put users at additional risk since they require sharing Google Account credentials with third-party apps and devices, which can make it easier for bad actors to gain unauthorized access to their accounts.”
Recently, the National Institute of Standards and Technology (NIST) has released updated guidelines for password security, marking a significant shift from traditional password practices.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
Google Workspace Changes Timeline
June 15, 2024:
- LSA settings will be removed from the Admin console
- IMAP enable/disable settings will be removed from users’ Gmail settings
- New users will not be able to connect to Google Workspace via Google Sync
September 30, 2024:
- Access to LSAs will be completely turned off for all Google Workspace accounts
- CalDAV, CardDAV, IMAP, POP, and Google Sync will require OAuth authentication
- Existing Google Sync users will lose connectivity to Google Workspace
Impact on Users and Administrators
These changes will affect both end-users and administrators of Google Workspace accounts. Users will need to transition to more secure authentication methods, primarily OAuth, to continue accessing their accounts through third-party apps and devices.
Administrators are advised to prepare their organizations for this transition by:
- Informing users about the upcoming changes
- Providing guidance on switching to OAuth-compatible applications
- Reviewing and updating Mobile Device Management (MDM) configurations
Google recommends several alternatives for users and organizations affected by these changes:
For Email Applications:
- Migrate to Microsoft 365 or newer versions of Outlook that support OAuth
- Use Google Workspace Sync for Microsoft Outlook
- Reconfigure email clients to use IMAP with OAuth
For Calendar and Contacts:
- Switch to the Google Calendar app
- Remove and re-add accounts on iOS and macOS devices, selecting “Sign in with Google” for OAuth authentication.
Developer Considerations
Third-party application developers need to update their products to support OAuth 2.0 and maintain compatibility with Google Workspace accounts. Google has provided developer guides to assist with this transition.
These changes reflect Google’s ongoing commitment to enhancing user security and aligning with modern authentication standards.
By moving away from password-only access methods, Google aims to reduce the risk of unauthorized access and protect users’ sensitive information.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Free Webinar