Google announced in December of 2019 that it will soon require that third-party applications support OAuth 2.0 as a connection method for access to G Suite data. In June 2020 Google will begin denying access to users that attempt to login to less secure apps (LSAs). The company defines LSAs as applications that access your Google account with only a username and password.
In the announcement of the new requirements, Google highlighted legacy email, calendar, and contacts applications as utilities that are likely to be affected by this change. The company noted that they view LSAs as a significant security risk for end-users:
“If a bad actor got access to your username and password (for example, if you re-use the password on another site that is subject to a data breach), they could access your account data with just that username and password information through an LSA.”
Some have noted that although the security risks are certainly nothing to scoff at, Google does potentially benefit from this move in other ways. Many third-party applications are yet to embrace OAuth and this requirement could motive many organizations to move toward embracing the Google Cloud platform.
Google has provided resources for the developers of third-party applications that are looking to maintain compatibility. Developers can follow Google’s guide to implementing OAuth 2.0 to access Google APIs.