Google Workspace and Gmail will no longer support login via login and password in programs, only OAuth will remain

Google Workspace and Gmail will gradually stop supporting the sign-in method used by third-party apps and devices that require you to provide your Google username and password. This method, known as Less Secure Apps (LSA), is considered outdated and poses additional security risks, as it involves the transfer of Google account data to third-party programs and devices. To improve user security, Google is switching to a more secure sign-in method. However, this also means that older apps will not be able to access Google Workspace.

LSA will be phased out in two stages:

Starting June 15, 2024: The LSA settings will be removed from the admin console and it will no longer be possible to change these settings. Users who have enabled LSAs will be able to continue to connect during this period, but those who have not will lose access. This applies to all third-party applications that require password-only access to Gmail, Google Calendar, Contacts, and other services using protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP. Additionally, the IMAP enable/disable setting will be removed from Gmail settings.

Starting September 30, 2024: LSA access will be completely disabled for all Google Workspace accounts. Protocols such as CalDAV, CardDAV, IMAP, POP, and Google Sync will no longer work with a password alone. Users will need to sign in using a more secure method called OAuth.

As part of this change, Google Sync will also be closed:

• Starting June 15, 2024: New users will not be able to connect to Google Workspace via Google Sync.
• September 30, 2024: Existing Google Sync users will no longer be able to connect to Google Workspace.

Google advises administrators and end users to switch to OAuth for a more secure type of access. This requires reconfiguring or re-adding accounts in email, calendar, and contact apps to use OAuth. Mobile device management (MDM) providers will also need to adapt to these changes by promoting Google accounts using OAuth.

For scanners and other devices that use SMTP or LSA to send emails, alternatives or configurations using OAuth or App Passwords will be required.

Developers and users with personal Google accounts will see the IMAP on/off toggle removed from Gmail settings in the coming weeks, as IMAP access is always enabled via OAuth.