Why is this happening?
Google is ending support for Less Secure Apps (LSAs) in order to improve security for Google Workspace accounts. LSAs are third-party applications that sign in to your account using only a username and password. This method is less secure than modern authentication methods like OAuth.
Important Dates
- June 15, 2024: LSAs will be partially disabled. New connections won't be possible, but existing connections will temporarily continue working.
- September 30, 2024: LSAs will be completely disabled. All apps using password-only access will stop working.
Why you should now use OAuth.
OAuth is a more secure authentication method, and most modern apps already support it. We strongly recommend transitioning to OAuth-compatible apps whenever possible.
How to switch to OAuth in these common applications:
Email Applications
- Outlook 2016 or Earlier - Move to Microsoft 365 (formerly known as Office 365, a web-based version of Outlook) or Outlook for Windows or Mac, both of which support OAuth access.
- Thunderbird or another email client - Re-add your Google Account and configure it to use IMAP with OAuth.
- The mail app on iOS or MacOS, or Outlook for Mac and use only a password to login - You’ll need to remove and re-add your account. When you add it back, select “Sign in with Google” to automatically use OAuth.
Calendar Applications
- If you use an app that uses password based CalDAV to give access to your calendar, switch to a method that supports OAuth. We recommend the Google Calendar app as the most secure app to use with your Google Workspace account.
- If your Google Workspace account is linked to the calendar app in iOS or MacOS and uses only a password to login, you’ll need to remove and re-add your account to your device. When you add it back, select “sign in with Google” to automatically use OAuth. Read more.
Contacts Applications
- If your Google Workspace account is syncing contacts to iOS or MacOS via CardDAV and uses only a password to login, you’ll need to remove your account. When you add it back, select “sign in with Google” to automatically use OAuth. Read More.
- If your Google Workspace account is syncing contacts to any other platform or app via CardDAV and uses only a password to login, switch to a method that supports OAuth.
App Passwords
If the app you are using does not support OAuth, you should switch to an app that offers OAuth or create an app password to access these apps. An app password should work for most other applications, except if you're using Google Sync (which will be shut down in fall of 2024).
Creating an App Password
- You will first need to enable Google 2-Step. For those signing into Google with Shibboleth, you won't ever be prompted for this but you will still need to set it up.
- Once two-step is set up you'll be able to create an App Password.