Allowing less secure apps to access your account
Google is removing support for Less Secure Apps (LSAs) for all Google Workspace accounts as of September 30, 2024. This means that any app or device that uses only a username and password for authentication (without OAuth) will no longer be able to connect.
This change affects protocols such as IMAP, POP, SMTP, CalDAV, CardDAV, and Google Sync.
What This Means
- Access to LSAs has already been phased out, and you may notice that the option to enable LSAs is no longer available in your Admin console.
- To continue using applications like Thunderbird, Outlook, or iOS/macOS Mail, you must reconfigure them to use OAuth 2.0. For modern apps, this typically involves selecting "Sign in with Google" instead of entering your username and password directly.
- If you use devices such as scanners or legacy systems that relied on basic authentication, they will also need to be reconfigured to use OAuth or another supported protocol.
Recommendations
- Upgrade to OAuth 2.0: Reconfigure affected applications to use OAuth 2.0 for authentication. Most modern email clients (e.g., newer versions of Outlook) support this method.
- Use App Passwords: If OAuth isn’t an option and you have two-factor authentication enabled, consider generating an App Password as a temporary solution for specific apps.
- Migrate to Supported Services: For legacy devices and software that cannot use OAuth, consider switching to an updated service that supports modern authentication.
Next Steps
Review your Google Workspace accounts and third-party applications to ensure they are using OAuth 2.0 by the September deadline to avoid service disruptions.
For detailed guidance, refer to Google’s official documentation or contact our team for assistance.