Less Secure Apps Shutdown coming in Fall 2024
To keep accounts safer from hijacking attempts, Google will remove Less Secure Apps (LSA) settings in Google Workspace. Beginning September 30, 2024, access to LSAs will be turned off, and therefore CalDAV, CardDAV, IMAP, POP and Google Sync will no longer work when signing in with a password. If your company uses LSAs or apps that are less secure and do not use modern security standards, you will be impacted by this change. Check out the Google Workspace Updates blog to read more about Google’s announcement.
What are LSAs?
Less secure apps are non-Google apps that can access Google accounts with only a username and password (basic authentication). LSAs provide password-based access to apps, requiring users to reveal their username and password. This basic authentication method leaves the user more vulnerable to account hijacking.
Examples of LSA include:
- Native mail, contacts and calendar sync applications on older versions of iOS, macOS or Outlook for Mac
- Older mail clients like Microsoft Outlook 2016 or earlier
- Thunderbird or another email client not already configured with OAuth
Also impacted by this change:
- Scanners and printers using SMTP or LSAs to send emails
- Google MDM custom push configuration-CardDAV
- Google MDM custom push configuration-CalDAV
Potential Risk if unaddressed:
- Misconfigured apps
- Misconfigured devices
- Misconfigured admin settings
What You Need to Do
If you do not take action by September 30, users of LSAs will receive errors stating that their username and password combination is incorrect and will not be able to log in.
Before the LSAs shut down on September 30, customers will need to switch to a more secure type of access – OAuth. An OAuth connection method allows apps to access account information with a digital key. If an app does not support OAuth, you will need to make the switch to one that does offer OAuth or create an app password to access these apps.
Impact on iOS users
iOS users who currently have Google Account data synchronized with the native Mail, Contacts and Calendar apps on their devices are potentially impacted. It depends on how they’ve configured their Google Account on the device. If the account is configured using Google Sync (uses Microsoft Exchange ActiveSync to sync Google mail, calendar and contacts to Apple’s native Mail, Contacts and Calendar apps), then account configuration changes are required. Google Sync doesn’t support OAuth or 2-factor authentication, and therefore action is required for users to continue getting their Google Workspace data on iOS.
The obvious alternative and recommendation is to use the Google apps for Gmail and Calendar. To synchronize Google Contacts, and to continue using the native apps on iOS for Calendar and Mail, the account can be deleted and re-added to sign in using Google (vs. the Microsoft Exchange option used in Google Sync setup).
Additional considerations regarding Google Sync are detailed in this Google Help Center article.
Impacts to email clients
Users of Outlook 2016 or older should move to Microsoft 365 or Outlook for Windows or Mac, which support OAuth access. Alternatively, you can use Google Workspace Sync for Microsoft Outlook.
If you use Thunderbird or another email client, you’ll need to re-add your Google account and configure it to use IMAP with OAuth.
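The difference between basic authentication and IMAP with OAuth shows up in what the client sends at sign-in. The following is an added example, not code from Google or Wursta: it builds the SASL PLAIN and SASL XOAUTH2 login payloads and decodes each to show which secret it carries. The user name, password and token are constructed sample values, the helper names are hypothetical, and obtaining the access token from an OAuth flow is assumed to happen elsewhere.

```python
import base64
import imaplib

def b64(payload: bytes) -> str:
    return base64.b64encode(payload).decode()

def plain_payload(user: str, password: str) -> bytes:
    # SASL PLAIN (basic authentication): authzid NUL authcid NUL password
    return f"\0{user}\0{password}".encode()

def xoauth2_payload(user: str, access_token: str) -> bytes:
    # SASL XOAUTH2: fields separated by Ctrl-A (0x01), ending with two Ctrl-A
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode()

def describe(mechanism: str, b64_response: str) -> dict:
    """Decode a SASL initial response and report which secret it carries."""
    raw = base64.b64decode(b64_response)
    mech = mechanism.upper()
    if mech == "PLAIN":
        _authzid, user, secret = raw.split(b"\0")
        kind = "account password"
    elif mech == "XOAUTH2":
        fields = dict(f.split(b"=", 1) for f in raw.split(b"\x01") if f)
        user = fields[b"user"]
        scheme, secret = fields[b"auth"].split(b" ", 1)
        if scheme != b"Bearer":
            raise ValueError("unexpected auth scheme")
        kind = "OAuth access token"
    else:
        raise ValueError(f"unsupported mechanism: {mechanism}")
    return {"user": user.decode(), "secret_type": kind, "secret": secret.decode()}

def imap_login_oauth(user: str, access_token: str, host: str = "imap.gmail.com"):
    """Open an IMAP session with XOAUTH2 (network call; not run on import)."""
    conn = imaplib.IMAP4_SSL(host)
    # imaplib base64-encodes the callback's return value itself
    conn.authenticate("XOAUTH2", lambda _challenge: xoauth2_payload(user, access_token))
    return conn

if __name__ == "__main__":
    # Constructed sample values, not real credentials
    user = "scanner@example.com"
    print(describe("PLAIN", b64(plain_payload(user, "constructed-password"))))
    print(describe("XOAUTH2", b64(xoauth2_payload(user, "constructed-token"))))
```

With PLAIN the decoded payload contains the account password itself; with XOAUTH2 it contains only the bearer token issued for that app.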
Impacts on printers and scanners
If your printers and scanners are configured to send mail on behalf of your domain using Simple Mail Transfer Protocol (SMTP) or LSAs, their configurations will need to be updated to use OAuth, or you will need to create an app password for each device. Alternatively, if you are utilizing Google’s private relay services through Workspace, switch to IP-based whitelisting.
How We Can Help
Wursta’s team of certified Workspace experts is ready to assist your admins and end users with the changes required to avoid misconfigured apps, devices and admin settings that result in errors after September 30. Our LSA Shutdown Service offers impact assessment and analysis, consulting on required configuration changes, technical documentation and end-user communications and user guides.
Connect with your Wursta account manager or contact us for assistance in assessing the impact of this change, adjusting configurations appropriately and communicating to help your organization prepare accordingly.