Starting September 30, 2024, Google will no longer allow access to Gmail accounts via “less secure apps,” which are those that require only a username and password for sign-in. This change is part of Google’s ongoing effort to enhance security for its users, particularly in light of a recent increase in attacks targeting Gmail accounts.
The decision to discontinue support for these less secure apps was first announced in a Google Workspace update last year. Google has labelled the traditional sign-in method as outdated and risky, as it often involves sharing login credentials with third-party applications. This change affects all Google Workspace users and aims to protect accounts from unauthorized access.
To comply with the new security measures, users must switch to more secure authentication methods, specifically OAuth, which allows users to grant access without sharing their passwords. This means that applications using IMAP, POP, CalDAV, and CardDAV will require this more secure sign-in method to function properly.
For those using older email clients, such as Outlook 2016 or earlier, it is recommended to upgrade to Microsoft 365 or newer versions of Outlook that support OAuth. Users of Thunderbird or other email clients will need to reconfigure their accounts to ensure they are using IMAP with OAuth. Additionally, users of Mail for iOS or MacOS must ensure they are using the “Sign in with Google” option to automatically utilize OAuth.
Google has already removed the less secure apps setting from the Google Workspace Admin Console, and users who do not take action by the deadline will encounter error messages indicating that their username and password are incorrect.
This move is seen as a positive step towards improving account security, as it reduces the risk of hacks and unauthorized access. As the deadline approaches, Gmail users are urged to update their settings and ensure they are using compatible applications to maintain access to their accounts.