Google’s New Gmail App Password Rules: What You Need to Know

As of September 30, 2024, Google has implemented new security rules for accessing Gmail accounts, significantly impacting how users can log in to their email using third-party apps and devices. These changes are part of Google's ongoing efforts to enhance security and protect user data.

Impact on Google Workspace Users

The new rules primarily affect users of Google Workspace, a suite of tools used by businesses and organizations. Google will no longer support access to Gmail data from apps that use less secure login methods, such as those relying solely on a username and password. Instead, users must switch to more secure authentication methods like OAuth.

For users of email clients like Outlook 2016 or earlier, Thunderbird, or Mail on iOS and macOS, specific actions are required to maintain access. For instance, Outlook users must upgrade to Microsoft 365 or the latest version of Outlook for Windows or Mac. Thunderbird users need to reconfigure their accounts to use IMAP with OAuth, while Mail users on iOS and macOS must use the 'Sign in with Google' option to enable OAuth.
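For scripts and in-house tools that log in to IMAP with a stored password, the same move to OAuth means replacing the password login with the SASL XOAUTH2 mechanism. The sketch below is an added example, not code from Google or from this article; it assumes an OAuth 2.0 access token has already been obtained elsewhere, and the class name, function name and sample values are illustrative.

```python
import imaplib
import json


class XOAuth2Authenticator:
    """Callable for imaplib.IMAP4.authenticate("XOAUTH2", ...).

    imaplib base64-encodes whatever this returns and base64-decodes the
    server challenge before passing it in.
    """

    def __init__(self, user: str, access_token: str):
        # \x01 is the field separator; reject it so neither value can
        # smuggle an extra key=value pair into the SASL message.
        for name, value in (("user", user), ("access_token", access_token)):
            if not value or "\x01" in value:
                raise ValueError(f"invalid {name}")
        self._response = f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode()
        self._sent = False
        self.server_error = None  # parsed error detail if the server rejects the token

    def __call__(self, challenge: bytes) -> bytes:
        if not self._sent:
            self._sent = True
            return self._response
        # A second challenge means the token was rejected: the server sends a
        # JSON error and expects an empty reply before it answers NO.
        try:
            self.server_error = json.loads(challenge)
        except ValueError:
            self.server_error = {"raw": challenge.decode(errors="replace")}
        return b""


def open_mailbox(host: str, user: str, access_token: str) -> imaplib.IMAP4_SSL:
    """Log in over IMAPS with an OAuth access token instead of a password."""
    auth = XOAuth2Authenticator(user, access_token)
    conn = imaplib.IMAP4_SSL(host)  # TLS on port 993
    try:
        conn.authenticate("XOAUTH2", auth)
    except imaplib.IMAP4.error as exc:
        conn.shutdown()
        raise PermissionError(f"XOAUTH2 rejected: {auth.server_error}") from exc
    return conn
```

Because the access token is short-lived and scoped, a leaked configuration file exposes far less than a stored account password or app password would.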

App Passwords: What's Changing?

App passwords, which are 16-digit passcodes used for less secure apps, will still be available but with certain restrictions. Users must have 2-Step Verification enabled on their Google Account to create and use app passwords. However, Google strongly recommends using 'Sign in with Google' instead, as it is more secure.

After the September 30 deadline, app passwords will continue to work for POP, IMAP, and SMTP, but users are encouraged to switch to apps that support OAuth for better security. If an app does not support OAuth, users can still create an app password, but this is not the preferred method.

Actions to Take

To avoid disruptions, users should take immediate action. For those using outdated email clients, upgrading to versions that support OAuth is crucial. If an app or device no longer supports the new security standards, users should switch to a more secure alternative.

Additionally, if a device or app that uses an app password is lost or no longer in use, users should revoke the app password to prevent unauthorized access to their Google Account.

Personal Gmail Accounts

Personal Gmail account holders are not directly impacted by these changes, although they will no longer be able to toggle IMAP settings in their Gmail account settings. Existing IMAP connections will continue to work as they are already configured to use OAuth.

Google's new security measures are part of a broader effort to enhance user security, including the introduction of passkeys and post-quantum cryptography. These changes reflect the company's commitment to protecting user data in an increasingly complex cybersecurity landscape.
