Google Updates Less Secure App Policy

Google Policy Update for Less Secure Apps

Google announced a new policy going into effect that impacts any third-party application that connects to a Google account using less secure settings.

Starting September 30, 2024, Google Workspace accounts will only allow OAuth access to apps. Password-based access (with the exception of App Passwords) will no longer be supported.

POP and IMAP are NOT going away and can still be enabled with apps that connect using OAuth.

Google will be turning off access to less secure apps (LSA) — non-Google apps that can access Google accounts with only a username and password (basic authentication) starting June 15, 2024. Access through basic authentication makes accounts more vulnerable to hijacking attempts.

Moving forward, only apps that support a more modern and secure access method called OAuth will be able to access Google Workspace accounts.
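For an IMAP client, moving off basic authentication means replacing `LOGIN user password` with `AUTHENTICATE XOAUTH2` and a short-lived OAuth access token. The Python below is an added example, not code from this post or from Google. The function names are hypothetical, and the mailbox address and access token are assumed to come from your own OAuth consent flow with the `https://mail.google.com/` scope.

```python
import base64
import imaplib
import json

GMAIL_IMAP_HOST = "imap.gmail.com"  # Gmail IMAP over TLS, port 993


def xoauth2_initial_response(user: str, access_token: str) -> bytes:
    """Build the raw SASL XOAUTH2 client response (before base64 encoding)."""
    # \x01 (Ctrl-A) is the field separator, so it must never appear in a field.
    if "\x01" in user or "\x01" in access_token:
        raise ValueError("control character in user or token")
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode()


def decode_error_challenge(challenge_b64: bytes) -> dict:
    """Decode the base64 JSON challenge sent when the server rejects a token.

    Useful when reading a protocol trace: the JSON carries the HTTP-style
    status and the scope the server expected.
    """
    return json.loads(base64.b64decode(challenge_b64))


def open_mailbox(user: str, access_token: str) -> imaplib.IMAP4_SSL:
    """Open an IMAP session using OAuth; no account password is ever sent."""
    conn = imaplib.IMAP4_SSL(GMAIL_IMAP_HOST, 993)

    def respond(challenge: bytes) -> bytes:
        # imaplib passes the already-decoded server challenge. The first one
        # is empty; a non-empty one is the error challenge, which is answered
        # with an empty response so the server sends its tagged NO.
        return b"" if challenge else xoauth2_initial_response(user, access_token)

    # imaplib base64-encodes the returned bytes; raises IMAP4.error on failure.
    conn.authenticate("XOAUTH2", respond)
    return conn
```

Unlike a stored password, the access token expires and is limited to the granted scope, so a leaked client configuration exposes far less.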

The video above features Shawn Elledge, CEO of SalesProphet.io, who talks about the potential impact this will have on third-party applications that haven’t taken the time to integrate directly with Google via an API and complete the security audit required to do so.

Shawn Elledge: Last week, there was some pretty big news from Google. They will start to deprecate the ability for less secure apps to connect to their mail servers.

We’ve known for a while that Microsoft and Google have been getting tired of third-party apps piggybacking off their mail servers.

This policy update shouldn’t shock anyone. We knew this was coming.

What does that mean to you?

Well, it means if your sales automation platform didn’t go through the security audit with Google, Microsoft, and PwC, which takes about three and a half months, then that application will no longer be able to connect to your email accounts.

This is big news. So, many sales automation platforms will be scrambling to either get an app password set up or go through the process of integrating their app via the Google API, which requires a security audit that can take 3 months or longer to accomplish.

So it’s a big deal that took us 3.5 months to complete.

The other thing that’s going to be impacted big time is going to be email-warming tools. So you must look for mail-warming tools that do not connect via IMAP, user id, and password. These apps will be gone very soon.

However, email-warming apps like WarmUpInbox that use an app password, I don’t think they’re going to be impacted.

I think at some point, app passwords will not be given out as randomly as they are today. I suspect one day soon, there may be some policy review before they’re given out. Google already states email warming goes against their user policy and can get your account blocked, so it’s only a matter of time.

It’s kind of surprising that Google doesn’t require a review to create an app password. I suspect this will change over time as well to something more similar to going through the process of API integration with Google or Microsoft; there should probably be some security audit.

I’ll do my best to keep you posted on these policy changes. If you’re looking for a sales automation platform that’s OAuth-authorized, look no further than SalesProphet.io.

Looking back at the decision to integrate or not to integrate, I’m glad we made the right call.
