We all know that while using any app, security matters the most. And, Google is trying further to secure our data. Yes, they recently announced that it is all set to forbid less secure apps in the coming year to secure G Suite accounts.
From 2020, Google will limit the ability for less secure apps (LSAs) to access G Suite account data. For those who don’t know, LSAs are non-Google apps that can reach your Google account only by a username and password.
And, these apps make the account more vulnerable to hijacking attempts. You can use apps that support OAuth instead of LSAs, which is a modern and secure access method.
What is G Suite?
For those who don’t know, G Suite is Google’s suite of intelligent apps. Till the suite was re-branded in late 2016, this was formerly known as Google Apps. Primarily, G Suite was for clients needing email hosting for their business. Though, G Suite is much more than just email. Besides the variety of apps, it also includes features that can come in quite handy. You’re probably familiar with some of them or are already using them.
Primarily, G Suite includes tools such as Gmail, Docs, Drive, Sheets, Forms, Slides, Calendar, Sites, Google+, Hangouts, and Keep.
Around 12 years ago, G Suite was released as “Google Apps for Your Domain.” The initial launch included Gmail, Google Calendar, Google Talk, and Google Page Creator (now known as Sites). However, Google Apps for Education followed two months later.
Google released various tools and updates as part of its application suite over the last ten years. And then, in September of 2016, Google Apps was rebranded to G Suite, and soon after that, the company launched its first hardware product: Jamboard.
The platform, G Suite, also comprises the G Suite Marketplace (which was originally released in 2010), by which one can install third-party cloud applications to use as part of your collection of G Suite tools.
Recently, the company said in a statement,
"LSAs are non-Google apps that can access your Google account with only a username and password. They make your account more vulnerable to hijacking attempts. Instead of LSAs, you can use apps that support OAuth-a modern and secure access method."
How to Prevent Your App from Plug Off?
If you want your app not to get cut off, all the company wants from an application developer is to support OAuth, the authentication standard used by Google. It is an authorization mechanism that allows a third party authority grant application access to a service on the user's behalf.
If you are using OAuth, it means the applications request access to the API (Application Programming Interface), and after user login and consent, you receive a unique token (Code) for authentication, so the client application does not have to store the user's password.
About OAuth Authorization Mechanism
In simple words, it is an open-standard authorization framework or protocol that defines how unrelated services and servers can safely enable authenticated access to their assets even without giving the initials/Codes associated with single login credentials. In authentication parlance, it is what we call as secure, third-party, user-agent, delegated authorization.
So, Google uses this authentication system, and it wants every app developer to use it if they aspire to prevent their app from getting cut off.
Most critically, the end-users are going to be affected by such a step. Apart from that, only G Suite accounts are affected by this; for now, however, personal Google Accounts can continue to use “less secure apps” at least for the time being.
What is the Timeline?
As we mentioned above that Google is making a move towards further securing G Suite accounts by cutting off "less secure apps" or LSAs, it will start from June 2020 and will completely switch off the access in February 2021.
To be exact, G Suite accounts will no longer be able to sign in to a “less secure app” they haven’t used before starting on June 15, 2020. And, then further on February 15, 2021, all apps will cease functioning with G Suite accounts, especially those which sign in with just a username and password, with no admin policy available to reverse the change.
So, after Feb 2021, one will need to either find an alternative program or persuade the developer to offer Google’s secure sign-in method, especially if they continue to use the legacy application which doesn’t offer OAuth authorization framework to connect to the G Suite account.
Well, besides all, at the very least, Google is giving around fifteen months to all the developers to find a new solution or save the apps!