Google’s New Gmail Security Rules Begin Today: What You Need to Know

Starting today, millions of Gmail users will encounter new password rules designed to improve the security of the world’s most widely used email service. As of September 30th, Google will no longer support apps and devices deemed “less secure,” meaning those that use only a username and password for Gmail access. Instead, users will be required to utilize more secure login methods such as OAuth for third-party apps.

Goodbye to Google Sync and Support for Less Secure Apps

If you’ve been following Google’s recent security updates, this change shouldn’t come as a surprise. Over the past year, the tech giant has pushed multiple security initiatives, from introducing passkeys for Chrome users to exploring post-quantum cryptography to prevent potential cyberattacks. Today’s shift is the culmination of a year-long warning regarding outdated login methods, including those still relying solely on usernames and passwords. This change impacts all Google Workspace accounts, where apps using protocols like IMAP, POP, CalDAV, CardDAV, and Google Sync will now require OAuth for login credentials.

Who’s Affected by Google’s New Password Rules?

These new security measures apply to all Google Workspace users. Google has already disabled the “less secure apps” setting in the Workspace admin console, streamlining the transition for account holders. While personal Gmail accounts won’t face the same restrictions, they will no longer have the option to toggle IMAP access settings, as OAuth will now handle this by default.

For Google Workspace users, Google recommends three key actions to prevent login errors:

1. If you use Outlook 2016 or an earlier version, switch to Microsoft 365 or the latest Outlook for Windows or Mac.

2. For Thunderbird or other email clients, re-add your Google account and configure it with IMAP via OAuth.

3. If you use iOS or macOS Mail, ensure you select the “Sign in with Google” option and re-add your account to enable OAuth.

Research Highlights Password Security Gaps

New research from Yubico, a security key hardware provider, underscores why Google’s crackdown on less secure apps is crucial. According to Yubico’s Global State of Authentication survey, 58% of respondents still rely on traditional username and password combinations, with many believing it’s the most secure method. Even more concerning, 22% of users have never conducted a personal cybersecurity audit. Yubico’s Vice President Derek Hanson emphasized the importance of moving away from outdated authentication methods, pointing to the need for stronger security measures globally, such as those being updated by the U.S. National Institute of Standards and Technology (NIST).