Google to block access for less secure apps (LSAs) to access the Gsuite account data, instead, Google recommends using apps that support OAuth.
OAuth is an authorization framework that describes how the unrelated servers and services can be access to secure data without sharing the login related information. You can find a detailed article about OAuth here.
Impacts of LSAs Turned off
The users of services like legacy email, calendar, and contact apps are to be most impacted. The turnoff to be handled in two different stages.
- At the first stage on June 15, 2020, Google to block the first time users who try to connect with an LSA apps, it includes third-party apps that allow “password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV, IMAP, and Exchange ActiveSync (Google Sync).”
- Starting February 15, 2021, will be completed turned off for all the G Suite accounts.
Why Google has taken this Decision
Google has taken this decision because several users who use non-Google apps and give permissions to access G Suite data, the access to the account provided using username and password if the bad actor gets access to username and password it may results in account compromise.
It is recommended by Google using OAuth as they “get more details about the login and can validate it the same way we would with any other login to your account.”
To maintain compatibility developers are recommended to update with OAuth 2.0 as a connection method. For Scanners and other devices, no change required.
For end-users, those you using Google account with only a username and password are recommended to switch with a more secure method to access our email, calendar, or contacts.