Google is Getting Rid of Password Authentication

Jul 8, 2020 | Security Products and Services | 0 comments

Google has announced that, starting February 15, 2021, it will no longer authenticate users with just usernames and passwords.


That’s right. Less secure applications that only use a username and password to grant access or permission–applications like mobile device mail applications may no longer work with Google. Many of these applications are popular on smartphones and tablets. And if you use POP, IMAP or Microsoft Exchange ActiveSync you will need to change your configurations.

Instead Google is introducing OAuth. Going forward look for devices and applications that support OAuth.

“That sounds like a pain.”

Well it might be, but it has huge advantages as well. Username and password authentication is old and worn out. It is prone to attacks. Phishing attacks target this type of authentication and it’s easy to clone or steal people’s online identities if systems only rely on usernames and passwords. As the saying goes, “An ounce of prevention is work a pound of cure.” This has never been more true than in cybersecurity.

Less secure applications (or LSAs) will no longer be allowed to connect to Google systems without something. If you use any of the following apps to connect to Google get ready for the change (or ask Atlas to help you) so you aren’t caught by surprise next February:

Are you using...Then switch to...
Apple Mail configured with POP3?Re-add your Google Account to Apple Mail and configure it to use IMAP with OAuth. This automatically initiates the connection with OAuth.
iOS Mail?Continue using iOS Mail as long as you have iOS 6.0 or later. OAuth support is automatically included in iOS 6.0 and later when you add an account using the Google option.
Outlook for Windows via password-based POP or IMAP?G Suite Sync for Microsoft Outlook (GSSMO). Web-based or latest version of Outlook.
Thunderbird?Re-add your Google Account to Thunderbird and configure it to use IMAP with OAuth. This automatically initiates the connection with OAuth.
Legacy office devices Examples: scanners and multifunctional printers that send email?Continue using legacy office devices with SMTP. Other protocols (such as POP3 and IMAP) will be blocked unless they use OAuth. Look to replace devices with new products advertising OAuth support.
Any other app?Request that the app developer update the app to use OAuth 2.0.

Check Out These Related Posts



Submit a Comment