Google to End Password-Only Access for Third-Party Apps Starting September 30, 2024

Google will stop allowing third-party apps to use only a username and password starting on September 30, 2024. This change aims to improve security. Users will need to use a safer method called OAuth.

What is OAuth?

OAuth is a secure way for apps to connect to Google accounts without sharing passwords. It protects personal information. Instead of giving their password to an app, users will sign in directly with their Google account. This helps keep accounts safe from hacking.

Why Is Google Making This Change?

Google cares about security. Many users share passwords with third-party apps. This practice can put their accounts at risk. Hackers can easily access these accounts if they get a password. By using OAuth, Google reduces the threat of unauthorized access.

Timeline of Changes

Google will make changes in two big steps:

1. June 15, 2024: Google will remove the option for admins to enable password-only access. Users who need to connect will still be able to do so but only during this time. After this date, users who are not allowed to use password access will be blocked.
2. September 30, 2024: All access using just a password will stop for every Google Workspace account. After this date, all syncing services relying on password-only access will cease to work.

Who Will Be Affected?

Both administrators and users will need to take action. Admins have to guide users in switching to OAuth. If users rely on apps that log in with just a password, they will need to change how they connect to their Google accounts. This change will affect every Google Workspace customer.

What Users Need to Do

Users must update their apps to work with OAuth. Those using apps like Outlook 2016 or earlier must switch to newer versions that support OAuth. Here are a few steps users can take:

• Outlook Users: If you use Outlook 2016 or earlier, switch to Microsoft 365 or Outlook for Windows or Mac. These newer versions support OAuth.
• Thunderbird Users: For users of Thunderbird or any other email client, re-add your Google account using IMAP with OAuth. This method keeps your information secure.
• iOS/Mac Mail Users: If the email app on your iOS or Mac uses only a password, remove and re-add your account. When adding, select “Sign in with Google” to automatically switch to OAuth.
• Calendar Users: If you access Google Calendar through apps that use password-based access, consider using the Google Calendar app for the best security.

What About Developers?

Developers who create applications need to migrate to OAuth 2.0. This change is crucial to maintain access to Google Workspace accounts. They should follow the Google developer guide to learn how to implement OAuth for their apps.

Users with Personal Accounts

If you have a personal Google account, no action is needed. Google will continue to support OAuth, and current access will remain unaffected. However, admins managing Google Workspace will not be able to adjust IMAP settings, as these will now always be enabled through OAuth.

Other Considerations

Businesses using mobile device management (MDM) tools will need to adjust as well. They will not be able to push settings that depend on password-only access after the specified dates. It is crucial for IT departments to prepare for this change.

Scanners and other devices using SMTP need updates too. Users must change their settings to use OAuth or switch to alternative methods.

Conclusion

The end of password-only access for third-party apps marks a significant shift in how Google enhances security. This change affects a wide range of users, including businesses and individual users. Everyone should prepare ahead of the set deadlines. Switching to OAuth will ensure that apps remain functional and secure. Taking these actions will protect against data breaches and account hacks. As the deadline approaches, users need to follow provided instructions to maintain safe access to their Google services.