Google rolls out stricter security rules for Gmail users

Starting September 30, Gmail users under Google Workspace will face new password rules to improve security. Google will no longer allow apps considered “less secure” to access Gmail account data using just a username and password.

As per Google, this move strengthens account security, including adopting passkeys for Chrome and using post-quantum cryptography. It also changes how third-party apps and devices access Gmail data.

Google ends support for less secure apps

To eliminate the old username-and-password sign-in mechanism and lower the chance of compromise for Gmail users, Google is mandating all Google Workspace users to log in using a more secure way of accessing apps requesting access to Gmail data.

Instead of traditional password-based logins, Google now requires apps to use OAuth, a more secure authentication method. The changes affect all Google Workspace users, with services like CalDAV, CardDAV, IMAP, POP, and Google Sync no longer supporting password-based access.

The company also removed the “less secure apps” setting from the Google Workspace admin console to smooth this transition.

For those unfamiliar, Google sees third-party apps or devices that merely require you to input your login and password to sign in as less secure apps.

Because they do not require Google’s authenticator to log in, the company views these apps and devices as security threats, particularly for Google Workplace accounts.

While this change won’t impact personal Gmail users, they can no longer disable IMAP, which will now always require OAuth for access.

Google advise Workspace users to take these specific actions to avoid login issues:

• If you use Outlook 2016 or earlier, upgrade to Microsoft 365 or Outlook for Windows or Mac.
• If you use Thunderbird or another email client , you must connect your Google account again and set it up to use IMAP with OAuth.
• To enable OAuth in Mail for iOS or macOS, select the Sign-in with Google option. This process will remove and then re-add your account.

What do you think about the new security rules for Gmail? Are there any other features you need in Gmail? Let’s discuss it below in the comments, or ping us on our Twitter or Facebook .