Google is changing its security system

Starting February 15, 2021, G Suite accounts will only allow access to applications that use the OAuth 2.0 protocol. Password-only logins will no longer be supported.

February 10, 2020

Google is constantly working to improve account security. In light of the current threat landscape, access to less secure third-party apps will be denied. These are apps that require only a username and password, that is, single-factor identity verification, which leaves the account much more susceptible to theft. From now on, only apps that support the more modern and secure OAuth 2.0 access method will be able to access your account.

OAuth 2.0 Protocol

The goal of the OAuth 2.0 protocol is to provide secure authentication and authorization against the APIs of various services, uniformly for desktop, mobile and web applications.

Access to less secure applications will be turned off in two phases:

  • June 15, 2020 - If you try to connect to less secure apps for the first time, they won't get access. This includes third-party apps that require access to Google calendars, contacts and email. Users who connected to such apps before that date will be able to continue using them until Google shuts off their access.
  • February 15, 2021 - Google will disable access to less secure apps for all G Suite accounts.

What do you need to do?

To continue using certain third-party apps in your G Suite accounts, you'll need to switch to a more secure type of access via OAuth 2.0. This connection method allows applications to access accounts using a digital key, without requiring the disclosure of a username and password.

For organizations

We recommend that you send the user instructions (listed below) to people in your organization to help them make the necessary changes. If your organization uses custom tools, you can ask the developer of that tool to update it to add OAuth support. The developer guidelines are also listed below.

Configuring MDM

If your organization uses a mobile device management (MDM) provider to configure CalDAV, CardDAV, and Exchange ActiveSync (Google Sync) profiles, support for these services will be phased out on the following schedule:

  • June 15, 2020 - MDM transfer for IMAP, CalDAV, CardDAV and Exchange ActiveSync (hereafter referred to as transfer) will not work for new users.
  • February 15, 2021 - The transfer will also stop working for existing users.

Other applications

For other less secure applications, ask the developer of that application to add OAuth support. If you are using third-party applications on iOS or macOS that only access G Suite account information using a password, removing and re-adding the account should resolve most access issues. When adding an account, select Google as the account type to automatically use OAuth 2.0.

Scanners and other devices

Devices that use SMTP to send email, or less secure applications, do not require any change. But if you're going to replace your device, look for one that sends email via OAuth 2.0.

User Guidelines

From February 15, 2021, all less secure apps will start displaying an error message. This message will report that the username and password combination is incorrect. If you want to continue to access your email, calendar or contacts, switch to a more secure method by taking one of the actions below:

E-mail

  • If you're using standalone Outlook 2016 or earlier, switch to Office 365 (the web version of Outlook) or Outlook 2019. Both options support access via OAuth 2.0. Alternatively, you can use G Suite Sync for Microsoft Outlook.
  • If you use another email client, such as Thunderbird, add your Google account again and configure it to use IMAP and OAuth.
  • If you're using an email app on iOS or macOS (or Outlook for Mac) and only log in with a password, you'll need to remove and re-add your account. When you add it back, select Sign in with Google to automatically use OAuth 2.0.

Calendar

  • If the app accesses your calendar through a different protocol, switch to a method that supports OAuth 2.0. The most secure app you can use to connect to your G Suite account is Google Calendar.
  • If your G Suite account is linked to the Calendar app on iOS or macOS and only uses a password to log in, you'll need to remove your account from your device and re-add it. When you add it back, select Sign in with Google to automatically use OAuth 2.0.

Contacts

  • If your G Suite account syncs your contacts with another platform or app and uses only a password to sign in, switch to another method that supports OAuth 2.0.
  • If your G Suite account syncs contacts with iOS or macOS, and uses only a password to log in, you will need to remove your account. When you add it back, select Sign in with Google to automatically use OAuth 2.0.

Applications that do not support OAuth

If the app you're using doesn't support OAuth 2.0, you'll need to switch to another app that does support OAuth 2.0, or write to your administrator to contact your app vendor and ask them to add OAuth 2.0 as a way to connect to your Google account.

Where can I get support?

If you have additional questions or need assistance, please contact G Suite support. If you contact support by phone or submit a case online, please provide the issue number 145694552.

Developer Guidelines

To maintain compatibility of your application with G Suite accounts, it needs to support the OAuth 2.0 protocol. Google has provided a guide for developers on how to use OAuth 2.0 to access Google APIs.
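How a mail client presents an OAuth 2.0 access token over IMAP instead of a password, as an added example that is not from the original article or from Google's guide: it builds the SASL XOAUTH2 response that Gmail's IMAP service accepts and decodes it again to show that no password is in it. The user and token values are constructed samples, the function names are hypothetical, and obtaining the token through the OAuth 2.0 flow is assumed to have happened already.

```python
import base64
import imaplib


def xoauth2_payload(user: str, access_token: str) -> bytes:
    """Build the SASL XOAUTH2 initial client response (before base64)."""
    for name, value in (("user", user), ("access_token", access_token)):
        # \x01 separates the fields; reject it and other control characters
        # so a crafted value cannot inject extra fields into the response.
        if not value or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
            raise ValueError(f"invalid {name}")
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode("utf-8")


def parse_xoauth2(b64_response: str) -> dict:
    """Decode a base64 XOAUTH2 response into its fields (for debugging and tests)."""
    raw = base64.b64decode(b64_response, validate=True).decode("utf-8")
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing terminator")
    fields = dict(part.split("=", 1) for part in raw[:-2].split("\x01"))
    scheme, _, token = fields.get("auth", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("auth field is not a bearer token")
    return {"user": fields["user"], "token": token}


def imap_login_oauth(host: str, user: str, access_token: str) -> imaplib.IMAP4_SSL:
    """Open an IMAPS session with AUTHENTICATE XOAUTH2 instead of LOGIN user/password."""
    payload = xoauth2_payload(user, access_token)
    conn = imaplib.IMAP4_SSL(host)
    # imaplib base64-encodes whatever the callback returns.
    conn.authenticate("XOAUTH2", lambda _challenge: payload)
    return conn


# Constructed sample values; a real token is short-lived and issued by the
# OAuth 2.0 flow, so the client never stores or sends the account password.
SAMPLE_USER = "user@example.com"
SAMPLE_TOKEN = "constructed-sample-token"
SAMPLE_WIRE = base64.b64encode(xoauth2_payload(SAMPLE_USER, SAMPLE_TOKEN)).decode("ascii")
```

`imap_login_oauth` is defined but not called here because it needs network access and a valid token; the payload functions run offline.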