G Suite accounts may restrict access to less secure third-party apps from 2020
Many users use non-Google apps, and give those apps permission to access G Suite data. For example, you may give the iOS mail app permission to see your work email. This provides users with more options and helps users get work done in a way that works well for them.
Google is making a move towards further securing G Suite accounts by cutting off "less secure apps" or LSAs starting June 2020 and will completely switch off access in February 2021. This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV, IMAP, and Exchange ActiveSync (Google Sync).
"LSAs are non-Google apps that can access your Google account with only a username and password. They make your account more vulnerable to hijacking attempts. Instead of LSAs, you can use apps that support OAuth-a modern and secure access method," the company said in a statement recently.
The search engine is tightening up security to prevent phishing attacks on e-mail client users, which can then be used to gain unauthorised access to Gmail data, particularly where people have used the same password across multiple sites.
The company wants application developers to support OAuth, the authentication standard used by Google. OAuth is an authorisation mechanism that lets a third party authority grant application access to a service on the user's behalf.
Using OAuth means that applications request access to the API (Application Programming Interface) and after user login and consent, receive a unique token for authentication, with this the client application does not have to store the user's password.