Today, Google will roll out new security rules for Gmail users using Google Workspace. These new rules will affect those who rely on third-party apps to sign in. The move aims to improve safety, as apps that use basic username and password sign-ins will no longer work.
New Sign-In Rules for Gmail
The change will prevent users from accessing Gmail accounts via apps that rely only on a simple password and username. This includes services like IMAP, POP, CalDAV, and Google Sync. Google aims to cut the risk of hacks by moving users toward more secure methods of logging in, such as OAuth 2.0.
The update targets users of Google Workspace accounts. For those using older versions of software like Outlook 2016 or earlier, it will be necessary to upgrade to newer versions like Microsoft 365 for Windows or Mac. Thunderbird users will also need to re-add their Google account and set up IMAP with OAuth.
iOS and macOS users, particularly those who use the Mail app, will need to use the “Sign in with Google” option to enable OAuth for a more secure connection. Those who do not update their settings by the deadline risk losing access to Gmail from these apps, which could cause issues with daily tasks.
Google explained the reasoning behind this change in a corporate blog post back in September 2023. The aim is to phase out outdated and unsafe sign-in methods. Simple passwords have long been a weak point in online security, making accounts more vulnerable to hacking. By switching to OAuth 2.0, the company wants to make it harder for unauthorized access to occur.
OAuth 2.0 is seen as a more advanced way to keep accounts safe. It does not require sharing a password with apps, instead, it uses tokens that are harder to crack. This method also allows users to control what data apps can access, giving them more peace of mind when using third-party services.
What to Do Before the Deadline
Users must adhere to Google’s instructions to maintain access to their Gmail accounts. Initially, users need to log in to their Google Workspace account and inspect their security configurations. Subsequently, they should locate the “App Passwords” section to identify which applications require updated settings. Google will also provide guidance on configuring OAuth 2.0 or enabling two-factor authentication, which significantly enhances security. It’s crucial to note that these modifications are exclusive to Google Workspace users. Gmail users with personal accounts will remain unaffected by this update, though they may still consider reviewing their security settings for added protection.