Skip to main content
Submit a request

New to OIT Service Center? Register for an account

Need a password reminder?

Less Secure Apps (LSA) Deprecation: What You Need to Know - Knowledgebase / Email and Collaboration / Google Apps - OIT Service Center

This Article Category Knowledgebase

Less Secure Apps (LSA) Deprecation: What You Need to Know

Authors list
  • Last updated: May 15, 2024 by Kyle Oliveira

Why is this happening?

Google is ending support for Less Secure Apps (LSAs) in order to improve security for Google Workspace accounts. LSAs are third-party applications that sign in to your account using only a username and password. This method is less secure than modern authentication methods like OAuth.

Important Dates

  • June 15, 2024: LSAs will be partially disabled. New connections won't be possible, but existing connections will temporarily continue working.
  • September 30, 2024: LSAs will be completely disabled. All apps using password-only access will stop working.

Why you should now use OAuth.

OAuth is a more secure authentication method, and most modern apps already support it. We strongly recommend transitioning to OAuth-compatible apps whenever possible.

How to switch to OAuth in these common applications:

Email Applications

  • Outlook 2016 or Earlier - Move to Microsoft 365 (formerly known as Office 365, a web-based version of Outlook) or Outlook for Windows or Mac, both of which support OAuth access. 
  • Thunderbird or another email client - Re-add your Google Account and configure it to use IMAP with OAuth.
  • The mail app on iOS or MacOS, or Outlook for Mac and use only a password to login - You’ll need to remove and re-add your account. When you add it back, select “Sign in with Google” to automatically use OAuth.

Calendar Applications

  • If you use an app that uses password based CalDAV to give access to your calendar, switch to a method that supports OAuth. We recommend the Google Calendar app as the most secure app to use with your Google Workspace account.
  • If your Google Workspace account is linked to the calendar app in iOS or MacOS and uses only a password to login, you’ll need to remove and re-add your account to your device. When you add it back, select “sign in with Google” to automatically use OAuth. Read more.

Contacts Applications

  • If your Google Workspace account is syncing contacts to iOS or MacOS via CardDAV and uses only a password to login, you’ll need to remove your account. When you add it back, select “sign in with Google” to automatically use OAuth. Read More.
  • If your Google Workspace account is syncing contacts to any other platform or app via CardDAV and uses only a password to login, switch to a method that supports OAuth.

App Passwords

If the app you are using does not support OAuth, you should switch to an app that offers OAuth or create an app password to access these apps. An app password should work for most other applications, except if you're using Google Sync (which will be shut down in fall of 2024). 

Creating an App Password

  1. You will first need to enable Google 2-Step. For those signing into Google with Shibboleth, you won't ever be prompted for this but you will still need to set it up.
  2. Once two-step is set up you'll be able to create an App Password.
Helpful Unhelpful

3 of 7 people found this page helpful

Send us a note about this article

This Article Category Knowledgebase
Author
Kyle Oliveira

Contact the OIT Service Center

Phone: 401-863-4357

Email: help@brown.edu

Location: Page Robinson Hall - 69 Brown St., Room 510

See our availability

https://it.brown.edu/get-help

Walk-ins Welcome! Appointments recommended.

For reserved service for a technical consult or a loaner check-out, you can schedule an appointment here.

Reporting an IT Outage?

Report an Outage


 Service Status & Alerts   Phishing Warnings