Is this message from G Suite about OAuth spam?
No, the message is real, unfortunately many users aren’t aware of what OAuth is and how it impacts their usage of G Suite. Depending upon how you access your G suite account items ( calendars, email, groups, etc. ) you may need to make some changes.
How does OAuth Affect My G-Suite Account?
G Suite is switching to a type of authentication called “OAuth”, which uses a digital key instead of a password to access your account. This is vastly more secure.
First of all, some good news! This change only applies if you are using a third-party “less secure app” for email or calendar access. In this case, the “less secure app” (LSA) means that you login to your G Suite account using only a username and password.
If you access your email and calendar through the web browser or Google apps on your phone, this will not impact you at all!
What Are These Less Secure Apps (LSA)?
Here are some examples of less secure apps and alternatives direct from Google:
Less Secure Apps
Apple Mail configured with POP3
Re-add your Google Account to Apple Mail and configure it to use IMAP with OAuth.This automatically initiates the connection with OAuth.
Continue using iOS Mail as long as you have iOS 6.0 or later.
OAuth support is automatically included in iOS 6.0 and later when you add an account using the Google option
Outlook for Windows via
password-based POP or IMAP
Move to Office 365 (a web-based version of Outlook) or Outlook 2019, both of which support OAuth access.
Re-add your Google Account to Thunderbird and configure it to use IMAP with OAuth.
This automatically initiates the connection with OAuth
Legacy office devices
Examples: scanners and multifunctional printers that send email
Continue using legacy office devices with SMTP. Other protocols (such as POP3 and IMAP) will be blocked unless they use OAuth.
Request that the app developer update the app to use OAuth 2.0.
What Do I Do About Existing Accounts?
You’ll notice that this is going to happen in two stages:
- June 15, 2020 – Users who try to connect to an LSA for the first time (aka create a new account in an LSA) will no longer be able to do so.
- This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV and IMAP.
- Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.
- February 15, 2021 – Access to LSAs will be turned off for all G Suite accounts.
This means that your existing users who are currently using an LSA (like Outlook), won’t have any impact for more than 14 months. BUT on February 15, 2021, those accounts will stop functioning. So you will want to do something about this before that date.
We recommend doing now, what is suggest below for new accounts. Don’t wait to take care of this until the last minute.
What Do I Do About New Accounts?
New accounts should really get up-to-speed right away! One of these options will need to be implemented:
- If you are using stand-alone Outlook 2016 or earlier, move to Office 365 (a web-based version of Outlook) or Outlook 2019, both of which support OAuth access.
- If you are using Thunderbird or another email client, re-add your Google Account and configure it to use IMAP with OAuth.
- If you are using the mail app on iOS or MacOS, or Outlook for Mac, and use only a password to login, you’ll need to remove and re-add your account. When you add it back, select “sign in with Google” to automatically use OAuth.