[Announcement] Google stops supporting the Less Secure App feature on Google Workspace

To enhance the security of user accounts, Google will stop supporting the “Less Secure Apps” feature on Google Workspace from September 30, 2024. According to Google’s official announcement, “Third-party applications that use only passwords to access Google Accounts and Google Sync will no longer be supported.” This means that applications that use only passwords to access Google Workspace will no longer work, in order to protect users from potential security risks.

Why Google is deprecating this feature

As part of Google's commitment to user security, Google Workspace will no longer support sign-in methods for third-party apps or devices that require users to share their Google username and password.

This outdated sign-in method, called Less Secure Apps, puts users at additional risk because it requires sharing Google Account credentials with third-party apps and devices and poses risks such as

• Increased risk of attack: Insecure apps often lack modern security measures, leaving your account vulnerable to hackers.
• Vulnerable to information theft: If a less secure app is compromised, your Google account credentials could be stolen.
• Difficult to control access: By enabling “Less secure apps,” you allow multiple apps to access your account without proper verification, making it difficult to control access.

We can use Sign in with Google, which is a safer and more secure way to sync your customers' email with other apps. Sign in with Google takes advantage of the authentication method Industry Standard OAuth  and more secure has been used by the majority of third-party applications and devices.

Discontinuing support for the “Less secure apps” feature is an important step in strengthening the security of users’ Google accounts.

Action required

The discontinuation of support for the “Less Secure Apps” (LSA) feature will affect many applications and services, especially those that use the CalDAV, CardDAV, IMAP, POP, and Google Sync protocols. Among them, Outlook users will likely be the most inconvenienced due to the popularity of this application.

To ensure a smooth transition, Google has provided some recommended steps:

For customers using Outlook 2016 or earlier

Switch to using Microsoft 365 (formerly known as Office 365, the web-based version of Office) or Outlook for Windows or Mac, both of which support OAuth access.
– Outlook for Windows User Guide 
Additionally, you can use
– Google Workspace Sync for Microsoft Outlook 

For customers using Thunderbird or another email application

Re-add your Google Account and configure it to use IMAP with OAuth.

For customers using the Mail app on iOS or macOS or Outlook for Mac and using only a password to sign in

You will need to remove and re-add your account. When you re-add it, select “Sign in with Google” to automatically use OAuth.

Conclusion

Google's decision to discontinue support for the "Less Secure Apps" feature on Google Workspace from September 30, 2024 is an important step in enhancing the security of user accounts. To ensure a smooth transition and avoid disruptions to work, users should proactively update their applications and devices to use more secure authentication methods. If you have any questions or need advice or technical support, please contact Gimasys, a Google Cloud Premier partner in Vietnam, for the most dedicated and professional support.