Millions of Gmail users will face new password rules designed to make using the world’s most popular free email service more secure on Monday, Sept. 30, as they head to work. Google will no longer support access to Gmail account data from apps deemed less secure, from a third party or even from devices that are only login-protected by a username and password. Here’s what you need to know.
If news that Google is undertaking a massive shake-up of password security across the board is a surprise, you haven’t been paying attention. From the introduction of passkeys to Chrome web browser users across Windows, macOS, Linux and Android users, to post-quantum cryptography for attack prevention, Google has been hot on security all month.
Regarding this specific Gmail password security update, Google has been hot-to-trot for 12 months since giving notice a year ago. To do away with the antiquated sign-in method that is username and password, and so reduce the risk of compromise for Gmail users, Google is requiring all Google Workspace customers to login with a more secure type of access for apps wanting access to Gmail data.
That access methodology is OAuth, which you can learn more about in this article warning about the forthcoming changes. The new Gmail app access password rules apply to all Google Workspace accounts, with CalDAV, CardDAV, IMAP, POP and Google Sync no longer supporting a password-based login credential.