Jakarta, Indonesia Sentinel — On Monday, September 30, millions of Gmail users will face new password security rules aimed at enhancing the safety of the world’s most popular free email service. Google will no longer support access to Gmail account data from apps that are considered less secure, including third party apps or devices that only use basic login credentials like a username and password.
This change is part of Google’s ongoing efforts to eliminate what it calls an “outdated sign-in method,” which puts Gmail users at a higher risk of unauthorized access by sharing credentials with third-party apps and devices. The update affects all Google Workspace users, who will now be required to use a more secure access method to log in to apps that request access to Gmail data. That secure access method is OAuth.
Google explained, “You will need to login with a more secure type of access called OAuth.” This change applies to all Google Workspace accounts, including apps that rely on CalDAV, CardDAV, IMAP, POP, and Google Sync. These services will no longer support logins that rely solely on passwords.
What is OAuth?
OAuth is an open standard authorization protocol designed to provide more secure access. Unlike traditional username and password authentication, OAuth allows apps or services to access your data without directly sharing your password with them.
Instead of giving a third-party app or service your password, OAuth enables you to authenticate through Google or another provider that supports OAuth. The app or service then receives an authentication token, allowing it access without exposing your login credentials.
Google to End Third-Party App Login Access Starting September 30, What Should User Do?
This shift to OAuth is part of broader security measures applied to all Google Workspace tools. Google has already removed the “less secure apps” option from the Workspace admin console to ease the transition for users by preventing the creation of new accounts that rely on outdated methods.
Generate App Passwords
For those impacted by the September 30 changes, Google will also phase out support for “Less Secure Apps.” As a result, some users may find themselves unable to access Gmail data via third-party apps. While many users will switch to OAuth, others may opt for “App Passwords.”
An App Password is a unique 16-digit code that allows third-party apps, services, or devices to access a Google account. However, this option requires two-step verification to be enabled on your account.
Here’s how to create an app password:
- Sign in to your Google Account.
- Go to the Security section.
- Under “Signing in to Google,” select 2-step verification.
- Scroll to the bottom and select “App passwords.”
- Give the password a name for identification purposes.
- Click “Generate.”
- Follow the prompts and select “Done.”
Users can then use the generated app password to authenticate third-party apps with their Google accounts. Going forward, affected users could still be able to connect to third party apps using OAuth or app passwords to maintain secure access.
(Raidi/Agung)