Announcement by G Suite Regarding OAuth2 Authentication?
The G Suite Team has recently announced that it will be turning off access to less secure apps which are also known as LSA that use only username and password to access Google accounts.
To be more precise, from February 15, 2021, only those apps that use OAuth2 Authentication will be able to access G Suite.
No app will be able to access a G Suite account using password-based Authentication
In the blog that follows, we shall be focusing on the pointers such as (but not limited to) –
- What are less secure apps and what dangers they pose?
- What is OAuth Authentication and a little about how it works?
- Why is G Suite Focusing So Much on OAuth2 Authentication, and how it can be helpful?
What Are Less Secure Apps, And How Can They Be Dangerous?
Less secure apps are non-Google apps. These apps can access your Google account using your username and password. There is no additional verification process in place that can bar them from accessing your Google account.
When there is no additional verification, your Google account can easily be compromised, hijackers and hackers can easily make attempts to hack into your Google account.
Why’s Google Banning Less Secure Apps And Moving To OAuth
Starting from June 15, 2020, first time LSA (less secure app) users will no longer be able to access Google account. LSA users before the aforementioned date will be able to continue until access is turned off for all less secure apps.
You must be wondering why Google is becoming so stringent with its OAuth Norms. That’s because third-party apps or less secure apps can access information such as –
- Name, email ID and profile picture. You tend to give such access when you sign in to an app using Google.
- Contacts, Photos, playlists, etc. Now, when you give an app permission to access this information, it might even create a copy of the same.
- Apart from above, there are some apps that may even create content on your behalf too. There are several film editing apps for instance or event planning apps that create, edit and upload content.
Not to forget apps can have access to a lot of sensitive data that resides in your Gmail account, Google Drive, Google Calendar and Contacts.
When Things Can Go Out Of Your Hands
Things can get dangerous when the server of a less secure app gets hacked. In that scenario, all your sensitive data might go in the hands of hackers. And, since after being hacked, the data gets placed on to a server that does not belong to Google, it can’t be protected. You, thereby, risk your data privacy and security.
It is for this reason why G Suite has come up with OAuth2 Authentication. But, before we delve into more details about OAuth2 Authentication. Here is how you can quickly control or remove access from apps that are considered less secure by Google.
Google Account > Security (left navigation panel) > Third-party apps with account access panel > Manage third-party access
Now, select the app from whom you don’t want to grant access, and select Remove access.
What is OAuth2 Authentication?
In simple terms, OAuth2 Authentication is an advanced and secure way of giving any app the authorization to your account. It authorizes third-party applications such as Facebook and Instagram to gain access to your account without compromising your password. This happens because the third party application only gets an OAuth token with the help of which it can access your account.
And, the best part is you have the power to revoke the token.
What Can You Do
Apps such as Gmail, Facebook, Office365, Windows Mail, PayPal, Instagram, Amazon, and Basecamp use OAuth2 Authentication. But, if you are using an app that uses only username and password to access Google account, here are certain things you can do –
Email Users
- For all standalone Outlook users who are using Outlook 2016 or earlier, it is advisable that you move to Office 365 or Outlook 2019. You could also use G Suite Sync for Microsoft Outlook
- For Thunderbird or other email clients – you can re-add Google Account and configure it using IMAP with OAuth
- For iOS and macOS mail app users – if you use only a password to log in, you will have to remove and re-add your account. Once that’s done, select “Sign in with Google”. You will now be able to use OAuth2 Authentication automatically
Calendar Users
- Use a Google Calendar app instead of CalDAV with your G Suite account
- For iOS and macOS users – if your G Suite account is connected to the iOS or Mac calendar app and you use just your password to log in, you will have to remove your account and re-add to your device again
Note: If you don’t switch to an OAuth compliant apps by February 15, 2021 you will start receiving an error message that your username-password combination is incorrect.
The Bottomline
OAuth2 Authentication is a step being taken by Google to cement and preserve data privacy and security. If the app that you are using doesn’t use OAuth, you will have to switch to one that offers OAuth. You can even ask the developer of the app to start supporting OAuth.
We hope you found the blog to be useful and if there is more that you want us to add, do let us know in the comments section. For more such content, stay tuned to Systweak blogs.