On Monday, September 30, millions of Gmail users will encounter new password regulations aimed at improving the security of the world’s most widely used free email service. Google will cease to support access to Gmail account data from apps that are deemed less secure, including third-party applications and even devices that rely solely on username and password login protection. This move is part of a broader effort to bolster security, and here’s everything you need to know about these changes.
Google Ends Support for Google Sync and Less Secure Apps
For those surprised by this security overhaul, it’s worth noting that Google has been focused on enhancing password security for some time now. In fact, this particular update has been in the works for over a year. Last year, Google announced its intention to move away from outdated login methods that rely on just a username and password. Now, as the deadline approaches, Gmail users must prepare for a shift toward more secure login methods. This change is part of Google’s larger push to reduce the risk of account compromise and improve security for users of its Gmail service.
Starting from September 30, Google will no longer allow Gmail data to be accessed by apps and services that rely on less secure login methods. In particular, apps that depend on only a username and password to access Gmail accounts will no longer be supported. The aim of this change is to improve the security of Gmail accounts and prevent potential threats posed by weak or compromised passwords. The new rules apply to all Google Workspace accounts, including those that use protocols such as CalDAV, CardDAV, IMAP, POP, and Google Sync. These services will no longer accept password-based login credentials, meaning users will need to adopt a more secure method for accessing Gmail data.
Google’s Focus on Security
Google’s commitment to improving security has been evident throughout the month, as the tech giant has rolled out various new features aimed at protecting users. One of the major initiatives has been the introduction of passkeys to Chrome web browser users. These passkeys are now available across multiple platforms, including Windows, macOS, Linux, and Android, providing users with a more secure login option that doesn’t rely on passwords. Additionally, Google has been exploring post-quantum cryptography as a way to protect against future cyberattacks. This cutting-edge technology is designed to secure sensitive data against potential threats from quantum computers, which could one day be capable of breaking current encryption methods.
In the case of this specific Gmail password security update, Google has been working toward these changes for an extended period. The company has been encouraging users to adopt more secure login methods, and it issued a warning about the upcoming changes 12 months ago. Now that the deadline is approaching, users must be prepared to adjust to the new system. One of the key aspects of this update is the move away from password-based login credentials for accessing Gmail data. Instead, Google is requiring users to use a more secure authentication method known as OAuth.
What is OAuth and Why is it Important?
OAuth is a secure authorization framework that allows users to grant third-party applications limited access to their accounts without sharing their passwords. This is a significant improvement over traditional password-based login methods, as it reduces the risk of account compromise. OAuth tokens are used to authorize access, and these tokens are much harder for hackers to steal or exploit compared to passwords. By requiring apps to use OAuth for accessing Gmail data, Google is ensuring that users’ accounts are better protected against potential cyberattacks.
For users of Google Workspace accounts, this change will have a significant impact. Apps that previously used CalDAV, CardDAV, IMAP, POP, or Google Sync to access Gmail data will no longer be able to rely on password-based authentication. Instead, they must use OAuth to gain access. This means that users will need to update their apps and services to ensure they are compatible with the new system. While this may require some effort, the result will be a more secure and protected Gmail account.
Why Google is Making These Changes
The move away from password-based login methods is part of Google’s broader effort to improve the security of its services. Passwords have long been considered a weak point in online security, as they are often easy to guess or steal. In many cases, users choose weak passwords that are easily cracked by hackers, or they reuse the same password across multiple accounts, increasing the risk of compromise. Even strong passwords can be vulnerable to phishing attacks or other forms of cybercrime.
By requiring users to adopt more secure login methods, such as OAuth, Google is reducing the likelihood of these types of attacks. OAuth tokens are far more secure than passwords, as they are harder to steal and cannot be reused across multiple accounts. Additionally, OAuth allows users to grant limited access to their accounts, meaning that third-party apps can only access the data they need without gaining full control of the account.
How to Prepare for the New Gmail Password Rules
If you are a Gmail user who relies on third-party apps or services to access your email, it’s important to take action before September 30. The first step is to review the apps and services you currently use to access your Gmail account. If any of these apps rely on password-based login credentials, you will need to update them to use OAuth instead. Most modern apps already support OAuth, but if you are using an older app, you may need to switch to a more secure option.
Google has provided detailed instructions on how to update your apps and services to comply with the new rules. It’s a good idea to review these instructions and ensure that all of your apps are up-to-date before the deadline. Failure to do so could result in losing access to your Gmail account from these apps.
For users who are concerned about the security of their accounts, Google also recommends enabling two-factor authentication (2FA). This adds an extra layer of security to your account by requiring you to enter a code sent to your phone in addition to your password. With 2FA enabled, even if someone manages to steal your password, they won’t be able to access your account without the additional code.
Conclusion
As September 30 approaches, Gmail users should be prepared for significant changes to the way they access their accounts. Google’s new password rules are designed to improve security by requiring apps and services to use OAuth instead of password-based login methods. This change applies to all Google Workspace accounts, and it affects apps that use protocols such as CalDAV, CardDAV, IMAP, POP, and Google Sync. While the update may require some effort, it will ultimately result in a more secure and protected Gmail account. Users are encouraged to review their apps and services and ensure they are compatible with the new rules before the deadline arrives.