Google to step up its security levels with Less Secure Apps

Third-party apps that allow access to your Google accounts by only entering your username and password are being put under increasing pressure by Google to step up their security levels.

This year, Google is turning off access to these less secure apps, to limit the vulnerability of your account being hijacked. Third-party apps will have to adhere to Google’s new policies, which require supporting a more modern approach called OAuth.

There are two phases in which Google is tackling this security shift…

  • 15th June 2020 – Users who try to connect to an LSA for the first time, will no longer be able to do so. This will include apps that allow password-only access to Google Calendars, Contacts and Email via channels such as CalDAV, CardDAV and IMAP. Users who have already connected to LSAs prior to this date will be allowed access until usage of all LSAs is turned off.
  • 15th February 2021 – Access to LSAs will be turned off for all G Suite accounts.

What do I need to do?

To continue using third-party apps, you must switch to the OAuth access, which allows apps to access accounts with a digital key instead of requiring you to reveal your username and password.

Email Instructions

Outlook 2016 or earlier – Move to Office365 or Outlook 2019, both support OAuth access. Alternatively.

Calendar Instructions

If you use CalDAV to give an app or device access to your calendar, you will need to switch to a method that supports OAuth. Google recommends using their Google Calendar app, which is available on iOS, Android and macOS.

If your G Suite account is linked to the calendar app in iOS or macOS and uses only a password to log in, you’ll need to remove and re-add your account to your device. When you add it back, select “sign in with Google” to automatically use OAuth

Contacts

If your G Suite account is syncing contacts to iOS or macOS via CardDAV and uses only a password to log in, you’ll need to remove your account. When you add it back, select “sign in with Google” to automatically use OAuth.

If your G Suite account is syncing contacts to any other platform or app via CardDAV and uses only a password to log in, switch to a method that supports OAuth.

Note: If the app you are using does not support OAuth, you will need to switch to an app that offers OAuth, or ask your admin to contact the supplier of your app and request that they add OAuth as a way of connecting your Google account.

Tags: