Google’s new Gmail password policy – you have 24 hours to comply

New Gmail password rules go into effect on September 30

SOPA/LightRocket images via Getty Images

On Monday, September 30, millions of Gmail users will have to face new password rules while commuting to work, designed to make their use of the world’s most popular free email service more secure. Google will no longer allow access to Gmail account data from apps deemed less secure, from third parties, or even from devices protected only by a username and password. Here’s what you need to know.

We’re saying goodbye to Google Sync and saying goodbye to support for less secure apps for Gmail users

If the news that Google is making massive changes to password security around the world is a surprise, you haven’t been paying attention. From making keys available to Chrome browser users on Windows, macOS, Linux and Android to post-quantum cryptography to prevent attacks, Google has been focusing on security all month long. As for this particular Gmail password security update, Google has been working on it for 12 months now, since it announced it a year ago. To get rid of the outdated login method of username and password and thus reduce the risk of security breaches for Gmail users, Google is requiring all Google Workspace customers to log in using a more secure access type for applications wanting to access Gmail data. The access methodology is OAuth, which you can learn more about in this article warning about upcoming changes. The new Gmail password rules apply to all Google Workspace accounts, with CalDAV, CardDAV, IMAP, POP, and Google Sync no longer supporting password-based logins.

ForbesGmail adds security verification for iPhone and Android usersBy Davey Winder

Gmail will soon become more secure for millions of users

Google/Davey Winder

Which Gmail users are affected by the new app password deadline?

New security policies regarding access to Gmail data from less secure applications apply to all customers using the Google Workspace suite of tools. Indeed, the Less Secure Apps setting has already been removed from the Google Workspace admin console to ease the transition by disabling adding new accounts using this method. This does not affect holders of personal Gmail accounts, although they will no longer be able to switch the webmail access protocol, better known as IMAP, from their Gmail account settings, as Google said: “IMAP access is always enabled via OAuth and your current connections will not be have an impact.” For users, not administrators, of Gmail accounts in Google Workspace, Google recommends taking a number of steps to avoid receiving the “Username and password are incorrect” error message.

If you’re using Outlook 2016 or earlier, you’ll need to upgrade to Microsoft 365 or Outlook for Windows or Mac.
If you use Thunderbird or another email client, you’ll need to re-add your Google account and configure it to use IMAP with OAuth.
If you’re using Mail on iOS or macOS, you’ll need to use Sign In with Google to enable OAuth. This will require deleting and re-adding your account.

ForbesGoogle announces new Gmail security step for millionsBy Davey Winder