On Monday, September 30, millions of Gmail users will notice new password rules. Google is making these changes to help keep users safe. Starting now, Google will not allow access to Gmail accounts from apps that are considered less secure. This means third-party apps or devices that only use a username and password for login will no longer work. Here’s what you need to know.
Changes to Google Sync and Less Secure Apps
If you are surprised by Google’s new security rules, you might have missed some recent updates. Google has been focused on improving security for a while. They introduced passkeys for Chrome users on various systems like Windows, macOS, Linux, and Android. Google is also working on post-quantum cryptography to prevent attacks. The changes to Gmail security have been in the works for a year now. Google decided to phase out the old username and password system to reduce risks for Gmail users.
Starting September 30, all Google Workspace customers will need to log in using a more secure method called OAuth. This is part of the effort to enhance security and make sure that Gmail accounts are less vulnerable to compromise. As a result, access methods like CalDAV, CardDAV, IMAP, POP, and Google Sync will no longer support password-based login.
Who Will Be Affected by the New Rules?
The new Gmail security rules apply to all customers using Google Workspace. The option for using less secure apps has already been removed from the Google Workspace admin console. This change is designed to simplify the transition and stop new accounts from using the outdated method.
Personal Gmail account holders, however, will not be affected by this change, although they will no longer have the ability to toggle IMAP settings from their account settings. Google stated, “IMAP access is always enabled over OAuth, and your current connections will not be impacted.” For Google Workspace users, there are three important steps to follow to avoid issues when these new rules take effect:
1. For Outlook 2016 or Older Users: If you are using Outlook 2016 or an older version, you must upgrade to Microsoft 365 or use Outlook for Windows or Mac.
2. For Thunderbird or Other Email Clients: If you use Thunderbird or a different email client, you need to add your Google account again. Make sure to configure it to use IMAP with OAuth.
3. For Mail on iOS or macOS Users: If you are using Mail on iOS or macOS, you need to sign in using the Google option to enable OAuth. This process will involve removing and re-adding your account.
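For scripts and custom clients that still send a username and password over IMAP, the sketch below shows what "IMAP with OAuth" looks like on the wire using the XOAUTH2 SASL mechanism. It is an added example, not code from Google or from the original article; the CAPABILITY lines, mailbox address and token are constructed placeholders, and the function names are hypothetical.

```python
import base64

# Constructed CAPABILITY lines (not captured from a real server).
OAUTH_SERVER = "* CAPABILITY IMAP4rev1 IDLE SASL-IR AUTH=XOAUTH2 AUTH=OAUTHBEARER AUTH=PLAIN"
LEGACY_SERVER = "* CAPABILITY IMAP4rev1 IDLE AUTH=PLAIN AUTH=LOGIN"


def auth_mechanisms(capability_line):
    """Return the SASL mechanisms advertised in an IMAP CAPABILITY line."""
    return {tok[5:].upper() for tok in capability_line.split()
            if tok.upper().startswith("AUTH=")}


def require_xoauth2(capability_line):
    """Return 'XOAUTH2' if offered; never fall back to PLAIN or LOGIN."""
    offered = auth_mechanisms(capability_line)
    if "XOAUTH2" not in offered:
        raise RuntimeError("no XOAUTH2 offered, only: %s" % sorted(offered))
    return "XOAUTH2"


def xoauth2_response(user, access_token):
    """Raw XOAUTH2 client response: fields separated by Ctrl-A (0x01)."""
    for field in (user, access_token):
        if not field or any(ord(ch) < 0x20 for ch in field):
            raise ValueError("empty field or control character in credentials")
    return ("user=%s\x01auth=Bearer %s\x01\x01" % (user, access_token)).encode()


def authenticate_command(tag, user, access_token):
    """Wire form of the login when the server advertises SASL-IR."""
    blob = base64.b64encode(xoauth2_response(user, access_token)).decode()
    return "%s AUTHENTICATE XOAUTH2 %s" % (tag, blob)


if __name__ == "__main__":
    print(require_xoauth2(OAUTH_SERVER))
    # The token is a placeholder; a real one comes from an OAuth 2.0 flow.
    print(authenticate_command("a1", "user@example.com", "PLACEHOLDER_TOKEN"))
    # With imaplib, pass the raw bytes and let the library base64-encode them:
    #   conn.authenticate("XOAUTH2", lambda _: xoauth2_response(user, token))
```

The account password never appears in the exchange: the server sees only a short-lived bearer token, which is why a client configured this way keeps working after password-based login is switched off.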
Yubico’s Research Highlights Password Security Awareness Issues
Recent research from Yubico, a company that sells hardware security keys, reveals important insights into why Google is making these changes. The Global State of Authentication survey asked 20,000 people worldwide, including those in the U.S. and U.K., about their feelings on security risks.
The results show that many users still rely on usernames and passwords. In fact, more than half of the participants—58% for personal accounts and 54% for work accounts—admitted to using this method for login. Surprisingly, 39% of those surveyed think that this is the most secure way to access their accounts. Additionally, 37% believe that SMS-based two-factor authentication is a safe option. However, a concerning 40% of respondents said they felt that apps and services were not doing enough to protect their data. Even more alarmingly, nearly a quarter—22%—had never conducted a personal cybersecurity audit to evaluate their own security practices.
Derek Hanson, vice president of standards and alliances at Yubico, expressed concern about these findings. “With most cyber attacks being a result of stolen login credentials, it’s concerning that so many people still rely on this outdated authentication method,” he said. “It’s clear that change is not just needed; it’s paramount to the future of a world that centers around the internet.”
Hanson also highlighted positive developments, mentioning that impactful work is underway at the federal level. For example, NIST is revising its identity guidelines in the U.S. This could lead to more effective definitions of acceptable security solutions. He hopes that Google’s initiatives will also add to this global influence.
The Importance of Strong Passwords and Security Measures
The move to OAuth is part of a broader effort to enhance security. Using strong passwords and secure authentication methods is essential in today’s digital world. With the increasing number of cyber threats, users must take steps to protect their accounts.
Here are some tips for maintaining security online:
1. Use Strong Passwords: Choose passwords that are long and complex. Use a mix of letters, numbers, and special characters. Avoid using easily guessable information like birthdays or names.
2. Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA for an extra layer of security. This adds a second step to the login process, requiring a verification code in addition to your password.
3. Keep Software Updated: Regularly update your software and apps to ensure you have the latest security features and patches. Outdated software can be an easy target for hackers.
4. Be Cautious with Links and Attachments: Avoid clicking on suspicious links or downloading attachments from unknown sources. Phishing attacks are common and can compromise your account.
5. Regularly Review Account Activity: Check your account activity periodically. Look for any unauthorized access or unusual behavior. If you spot something suspicious, change your password immediately.
6. Conduct Security Audits: Perform regular cybersecurity audits on your own accounts. This includes evaluating your passwords, checking for unused accounts, and ensuring you have the necessary security measures in place.
The Future of Password Security
As technology evolves, so do security threats. Google’s new password rules for Gmail users are a step in the right direction. The emphasis on OAuth will help protect accounts from unauthorized access. However, users must also take responsibility for their security.
With more people using the Internet for work and personal activities, the need for robust security measures has never been greater. Organizations like Google are leading the way by implementing stronger authentication methods. This can significantly reduce the risk of cyber attacks.
In conclusion, the new password rules for Gmail users are designed to enhance security and protect users from potential threats. By adopting OAuth and discontinuing support for less secure apps, Google is making strides to ensure safer online experiences. As users, it’s crucial to stay informed and proactive about account security. By following best practices and adapting to new security measures, we can better safeguard our personal information in an increasingly connected world.