Trong thời đại “Big Data” thì các kho dữ liệu (Data Warehouse) truyền thống gặp…
Limit access to less secure apps to protect your G Suite account
What’s changing
On October 30, 2019, we will begin removing the installation “Enforce access to less secure apps for all users” from the Google Admin console. This setting will disappear from your Admin dashboard later this year.
If you let install “Enforce access to less secure apps for all users” for your domain name, when our change happens we will automatically select it “Allow users to manage their access to less secure apps” for replacement. You no longer have the option to enforce access to LSAs at the domain level.
According to this change, if you “Allow users to manage their access to less secure apps”, users will still have the option to access LSAs, as long as the “Less secure app access” is installed in the user account. To minimize disruption in domains we have automatically changed the setting from “Enforce access” to “Allow users to manage their access”, this setting will be enabled by default at the time of change for all also active LSAs users.
If a user has previously chosen to allow LSAs to access their account, but sometimes no LSAs connect to their account, we will disable this setting for them in their user account. They can turn this setting back on at any time myaccount.google.com/lesssecureapps (as long as their admin allows them to do so).
Who is affected?
Admins and end users
Why is it important?
We're making this change to protect your users. LSAs connect to Google accounts using a username and password, making them vulnerable to attacks. Whenever possible, users should connect to their accounts via OAuth, a more secure method. OAuth allows third-party apps to use Google account information without the user's password, and it gives administrators security controls like the ability to whitelist apps certain and provide scope-based account access
Visit the Help Center to learn more about how to manage OAuth-based access to connected applications.
How to get started
- Admins: No action is required, but we recommend following the following:
-
- If you currently enforce access to LSAs in your domain, change your settings to disable access or allow users to manage their access as soon as possible, as LSAs can can make your Google account vulnerable to attack.
- Encourage your users to use OAuth-based protocols (like OAuth-based IMAP) to grant non-Google apps access to their Google accounts, including email, calendar, and contacts
- Review our list of replacements for these less secure application.
- Your users and internal support need to prepare for this change.
- Update any user guides you previously prepared to recommend the use of OAuth or to instruct users on how to enable LSAs.
- End users: visit the Help Center to Learn more about LSAs and your account.
Additional details
Below are frequently asked questions. .
What is a less secure application (LSA)?
A less secure app (LSA) is an app that connects to a Google account using a username and password for access and does not have OAuth. In general, you should only allow your users to use external applications that connect to their Google account via OAuth, because LSAs leave the user's Google account vulnerable to attack.
I have an application that cannot use OAuth; What can I do?
Select the “Allow users to manage their access to less secure apps” option in the Admin console, and ensure that the users who need to use applications allow “Less secure app access” at myaccount.google.com/lesssecureapps. We also recommend that you contact the developers of the applications and ask them to provide OAuth support, as this is a more secure option.
Source: Gimasys