Google has introduced new security rules for accessing Gmail accounts, effective as of September 30, 2024. These changes are part of a broader effort to enhance security and protect users from less secure app access methods.
Impact on Google Workspace Users
The new rules primarily affect users of Google Workspace accounts. Google will no longer support access to Gmail data from apps that use only a username and password for authentication. This includes protocols such as IMAP, POP, CalDAV, CardDAV, and Google Sync, which will no longer support password-based login credentials.
Users of Google Workspace must now use more secure authentication methods, such as OAuth, to access their Gmail accounts. This change is aimed at reducing the risk of account compromise by phasing out the less secure username and password authentication method.
Actions Required for Users
To avoid disruptions, users need to take several steps. If you use Outlook 2016 or earlier, you must upgrade to Microsoft 365 or Outlook for Windows or Mac. For users of Thunderbird or other email clients, you need to re-add your Google account and configure it to use IMAP with OAuth. Similarly, if you use Mail on iOS or macOS, you must remove and then re-add your account using the sign-in with Google option to enable OAuth.
App Passwords and 2-Step Verification
For users who rely on app passwords, it is crucial to note that these passwords will still be supported, but only if 2-Step Verification is enabled on the Google account. When 2-Step Verification is set up, users can generate app passwords, which can be used in place of regular passwords for specific apps or devices.
However, it's important to remember that changing your Google account password will revoke all existing app passwords, requiring you to create new ones.
Personal Gmail Accounts
Personal Gmail account holders are not directly impacted by these changes, although they will no longer be able to toggle IMAP access from their Gmail account settings. IMAP access for personal accounts will always be enabled over OAuth, and current connections will not be affected.
Google's move to enhance security reflects a broader trend in the tech industry to prioritize user security and protect against cyber threats. Users are advised to stay informed and adapt to these changes to ensure uninterrupted access to their Gmail accounts.
