
Here’s Why You Need To Switch To Apps With OAuth2 Authentication

Announcement by G Suite Regarding OAuth2 Authentication

The G Suite Team has recently announced that it will be turning off access to less secure apps (LSAs), which use only a username and password to access Google accounts.

To be more precise, from February 15, 2021, only those apps that use OAuth2 Authentication will be able to access G Suite.

No app will be able to access a G Suite account using password-based authentication.

Source: oauth.com

In the blog that follows, we shall be focusing on the pointers such as (but not limited to) –

What Are Less Secure Apps, And How Can They Be Dangerous?

Less secure apps are non-Google apps. These apps can access your Google account using your username and password. There is no additional verification process in place that can bar them from accessing your Google account.

When there is no additional verification, your Google account can easily be compromised: hijackers and hackers can easily make attempts to hack into it.

Why’s Google Banning Less Secure Apps And Moving To OAuth

Starting from June 15, 2020, first-time LSA (less secure app) users will no longer be able to access a Google account. Those who used LSAs before the aforementioned date will be able to continue until access is turned off for all less secure apps.

You must be wondering why Google is becoming so stringent with its OAuth Norms. That’s because third-party apps or less secure apps can access information such as –

Not to forget, apps can have access to a lot of sensitive data that resides in your Gmail account, Google Drive, Google Calendar and Contacts.

When Things Can Go Out Of Your Hands

Things can get dangerous when the server of a less secure app gets hacked. In that scenario, all your sensitive data might fall into the hands of hackers. And since, after the hack, the data sits on a server that does not belong to Google, it can’t be protected. You thereby risk your data privacy and security.

It is for this reason that G Suite has come up with OAuth2 Authentication. But before we delve into more details about OAuth2 Authentication, here is how you can quickly control or remove access from apps that are considered less secure by Google.

Google Account > Security (left navigation panel) > Third-party apps with account access panel > Manage third-party access

Now, select the app to which you don’t want to grant access, and select Remove access.

What is OAuth2 Authentication?

In simple terms, OAuth2 Authentication is an advanced and secure way of authorizing an app to access your account. It authorizes third-party applications such as Facebook and Instagram to gain access to your account without compromising your password. This works because the third-party application only gets an OAuth token, with the help of which it can access your account.

And, the best part is you have the power to revoke the token.
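
The difference between an app holding your password and an app holding a revocable token, shown as an added example that is not part of the original post and not Google's implementation. The `Account` class, the app names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Account:
    """Constructed model of one user account at a provider (illustrative only)."""

    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._kdf(password)
        self._grants = {}  # sha256(token) -> app name; raw tokens are not kept

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def password_login(self, password):
        """Less-secure-app path: whoever presents the password is the user."""
        return hmac.compare_digest(self._kdf(password), self._pw_hash)

    def authorize_app(self, app):
        """OAuth-style path: the app receives a random token, never the password."""
        token = secrets.token_urlsafe(32)
        self._grants[hashlib.sha256(token.encode()).hexdigest()] = app
        return token

    def token_access(self, token):
        """Return the app a token was issued to, or None if unknown or revoked."""
        return self._grants.get(hashlib.sha256(token.encode()).hexdigest())

    def revoke_app(self, app):
        """Drop every token issued to one app; other apps keep working."""
        self._grants = {h: a for h, a in self._grants.items() if a != app}


def breach_scenario():
    """An app's server is breached: compare what each stored secret allows."""
    password = "correct horse battery staple"  # constructed sample value
    acct = Account(password)
    lsa_stored = password                           # password app stores the real password
    mail_token = acct.authorize_app("mail-app")     # OAuth apps store only a token
    cal_token = acct.authorize_app("calendar-app")

    results = {"stolen_password_logs_in": acct.password_login(lsa_stored),
               "stolen_token_before_revoke": acct.token_access(mail_token)}
    acct.revoke_app("mail-app")                     # user removes access for one app
    results["stolen_token_after_revoke"] = acct.token_access(mail_token)
    results["other_app_unaffected"] = acct.token_access(cal_token)
    results["password_unchanged"] = acct.password_login(password)
    return results
```

In the password case the only remedy is changing the password, which also locks out every other password-based app; in the token case the user removes one grant and nothing else changes.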

What Can You Do

Apps such as Gmail, Facebook, Office365, Windows Mail, PayPal, Instagram, Amazon, and Basecamp use OAuth2 Authentication. But if you are using an app that uses only a username and password to access your Google account, here are certain things you can do –

Email Users

Calendar Users

Note: If you don’t switch to an OAuth-compliant app by February 15, 2021, you will start receiving an error message that your username-password combination is incorrect.

The Bottomline

OAuth2 Authentication is a step being taken by Google to cement and preserve data privacy and security. If the app that you are using doesn’t use OAuth, you will have to switch to one that offers OAuth. You can even ask the developer of the app to start supporting OAuth.

We hope you found the blog to be useful and if there is more that you want us to add, do let us know in the comments section. For more such content, stay tuned to Systweak blogs.
