Less secure app turn-off suspended until further notice
Monday, March 30, 2020
UPDATE:
September 29, 2023: We're ready to move forward with this change — please refer to this announcement for the latest timeline and information.
October 8, 2020: We updated the post to clarify timelines, adding "please be reassured that when we restart the turn-off timelines, you will still have a 12 month window from that start date to review and complete your migration."
Last December, we announced that we’d be turning off less secure app (LSA) access to G Suite accounts, and that you should migrate to OAuth authentication instead. The first phase of the LSA turn-down was scheduled for June 15, 2020. As many organizations deal with the impact of COVID-19 and are now focused on supporting a remote workforce, we want to minimize potential disruptions for customers unable to complete migrations in this timeframe.
As a result, we are suspending the LSA turn-off until further notice. All previously announced timeframes no longer apply. Please be reassured that when we restart the turn-off timelines, you will still have a 12 month window from that start date to review and complete your migration.
This applies to all categories of applications and protocols outlined in our original blog post, including Apple iOS Mail (whether syncing through IMAP or Google Sync). We’ll announce new timelines on the G Suite Updates blog at a later date.
Despite these timing adjustments, Google does not recommend the use of any application that does not support OAuth. We recommend that you switch to using OAuth authentication whenever possible for your organization. OAuth helps protect your account by helping us identify and prevent suspicious login attempts, and allows us to enforce G Suite admin-defined login policies, such as the use of security keys. See our original blog post for details and instructions on migrating to OAuth.
Getting started
As a result, we are suspending the LSA turn-off until further notice. All previously announced timeframes no longer apply. Please be reassured that when we restart the turn-off timelines, you will still have a 12 month window from that start date to review and complete your migration.
This applies to all categories of applications and protocols outlined in our original blog post, including Apple iOS Mail (whether syncing through IMAP or Google Sync). We’ll announce new timelines on the G Suite Updates blog at a later date.
Despite these timing adjustments, Google does not recommend the use of any application that does not support OAuth. We recommend that you switch to using OAuth authentication whenever possible for your organization. OAuth helps protect your account by helping us identify and prevent suspicious login attempts, and allows us to enforce G Suite admin-defined login policies, such as the use of security keys. See our original blog post for details and instructions on migrating to OAuth.
- Admins: No action required. However, we do recommend switching to OAuth authentication. See our original blog post for details on migrating to OAuth.
- End users: No end user impact.
- Developers: Update your app to use OAuth 2.0 as soon as possible.