Source URL: https://www.theregister.com/2024/09/03/google_workspace_third_party_apps/
Source: Hacker News
Title: Deadline looms: Google Workspace mandates OAuth by September 30
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: Google is enforcing a significant security-oriented change for Google Workspace users by discontinuing the use of “less secure apps” (LSAs), which do not support OAuth. This transition will enhance security but may require administrative intervention and communication to affected users, particularly in enterprise environments.
Detailed Description:
Google’s announcement regarding the discontinuation of “less secure apps” (LSAs) illustrates a substantial shift in how Google Workspace accounts will be accessed, moving towards improved security measures by enforcing the use of OAuth for authentication. The key points of this change include:
– **End of LSA Support**: As of September 30, Google Workspace accounts will no longer allow connections from applications that do not utilize OAuth. This means that users can no longer sign in using just a password, which significantly raises the security standard for accessing Google Workspace.
– **User Impact**:
– All Google Workspace account connections that relied on LSAs will be disabled.
– Users of popular email clients like Thunderbird, Outlook for Mac, and iOS/macOS Mail will need to reconfigure their accounts using the Google account option that supports OAuth.
– Users still running outdated software, such as Outlook 2016, will face usability challenges and should consider upgrading.
– **Mobile Device Management (MDM) Changes**:
– MDM platforms that use older protocols (IMAP, CalDAV, CardDAV, POP, Exchange ActiveSync) are also being phased out, requiring admins to reconfigure devices to use OAuth.
– This requires proactive communication from admins to users to prevent service disruptions.
– **Scanners and Other Devices**:
– Devices connected to Google Workspace accounts that send documents via email will also need reconfiguration. If not addressed, these devices will be unable to connect post-deadline.
– **Security Best Practices**:
– Google emphasizes the importance of not allowing users to sign in without additional authentication factors. This move aligns with a broader trend in enhancing security practices within enterprise environments across various platforms.
This change is pivotal for IT administrators, as it dictates urgent action to ensure that all applications and devices accessing Google Workspace are compliant with the new standards, thus fortifying their organization’s security posture.