The clock is ticking for businesses using what Google defines as a "less secure app" (LSA) to access services like its G Suite mail, calendar and contacts. New accounts will be blocked from using LSAs from June 15 2020, and all access will be disabled on February 15 2021. Show Google's latest announcement is specific to G Suite, the business version of these productivity services. The company is also keen that users of the free consumer service avoid LSAs, but the new deadlines do not necessarily apply. What is an LSA? The company says "non-Google apps that can access your Google account with only a username and password." In practice, it seems to mean any app that does not support OAuth. Using OAuth means that applications request access to the API and, after user login and consent, receive a unique token for authentication. This means that the client application does not have to store the user's password, but only the token. Users can also revoke access to that specific application. The difficulty for some users is that there are still plenty of applications that do not support OAuth. Microsoft Outlook only gained this capability with the latest version, Outlook 2019, or an up-to-date Outlook 365 for Office 365 users. Users with older versions of Outlook can use an Outlook sync client to synchronize email between G Suite and Outlook. Another scenario is where users have a mail client that was originally set up to use username and password, and this setting has persisted through upgrades, even though the latest version does support OAuth. In these cases, the account will give errors after the deadline passes, but this can be fixed by removing and re-adding the account using OAuth. In iOS Mail, for example, this means choosing the Google account type for your mail, calendar or contacts. Curiously, Google's guidance states that: "No change is required for scanners or other devices using simple mail transfer protocol (SMTP) or LSAs to send emails." The guidance for this recommends using the G Suite SMTP relay service using either a configured static IP address or: "Your full G Suite email address () and password when relaying through ports 587 and 465." In the latter case this looks like a weakness in the G Suite security plans, particularly as scanners are in general not noted for secure password storage. A dedicated, limited access scanner account would make sense here. The guidance does say, "If you replace your device, look for one that sends email using OAuth." That, or the static IP idea, look like better solutions. Is Google pushing better security practice, or steering users towards its own browser-based client applications and away from alternatives? Probably more the former, though changes like this do put pressure on users. Note that adopting two-factor authentication is also substantially more secure, and in this case access from LSAs is automatically disabled for both G Suite and consumer accounts. ® Blocking sign-ins from Less secure apps helps keep accounts safe. For these reasons, Google is limiting password-based programmatic sign-ins to Google Accounts. This may have an impact on older email clients that don't support OAuth2 and other applications that don't offer the "sign in with Google" option. This also affects accounts that have been configured to "Send Mail As" from another account. Start using alternatives to less secure apps as soon as possible. If you are having an issue with an email client, You can still access your email and calendar using the Gmail app via your browser. Go to mail.google.com to sign in. Note: When 2-step Verification is turned on for an account, access to less secure apps is automatically disabled. We encourage local IT to be involved with updating their users' clients so that any necessary configurations can be preserved. ETS can assist with setting up the recommended/supported clients. Check the settings for commonly used email clients, like Outlook, Thunderbird and Apple Mail. Outlook
Thunderbird
Apple Mail (Catalina macOS or later)
* For older Apple Mail versions (Mojave and earlier), follow the steps outlines in the 'Alternatives to Less secure apps - App Passwords' section below. If you prefer to upgrade Apple Mail instead, you need to upgrade your macOS. Please consult with your local IT team before upgrading your macOS. Alternatives to Less secure apps - App Passwords If you're using an application or email client that does not support OAuth2, you can use Google's App Passwords feature. In order to use this feature, you must first enable Google's 2-Step Verification.
How do I unblock less secure apps on Google?Turn off "Less secure app access"
Go to the Less secure app access section of your Google Account. You might need to sign in. Turn Allow less secure apps off.
How do I enable less secure apps on my Google Account?Manage access to less secure apps. Sign in to your Google Admin console. ... . In the Admin console, go to Menu Security Access and data control. ... . To apply the setting to everyone, leave the top organizational unit selected. ... . Select the setting for less secure apps: ... . Click Save.. How do I stop Google from blocking an app?If you have to allow an application to access your Google account, you can disable this security block.. Sign in to Gmail.. Click here to access Less Secure App Access in My Account.. Next to “Allow less secure apps: OFF,” select the toggle switch to turn ON.. How do I enable less secure apps access 2022?As of May 30 2022 google has removed the less secure apps option. There is no way to turn this on as it no longer exists. Enable 2fa on your google account and create an apps password and use that in place of your true password in your code.
|