If you aren’t yet aware: G Suite password-based access will soon be ending.
Why does G Suite password-based access matter?
Securing access to your accounts is a never-ending struggle to balance giving you easy access with keeping intruders out. Even today, many programs and web services offer only a simple password to protect your account. As more and more data breaches and password leaks are exposed, we find that a password alone is just not enough to protect your most important accounts.
Google recognizes this shortcoming (as do companies like Microsoft) and has introduced multiple layers of security to protect your account. You may be familiar with “two-factor authentication” or “multi-factor authentication” in which a code gets sent to your mobile device when you log in for the first time from a new device or location. One layer of security you may not have heard about, however, is “OAuth” (short for Open Authorization).
What is OAuth?
In password-based programs and services, your username and password are transmitted every time you log in. Each transmission is one more opportunity for a malicious actor to steal your information. Even worse, once they have your password, they have access to every feature of your account! For your shopping accounts, this might mean they can change your shipping address and purchase things fraudulently from your account. For email, they can reroute your incoming mail or send spam or phishing emails to your contact list.
With OAuth, however, your password is only ever input once, directly on the service provider’s website (in this case, Google). From then on, logging in is done with a token that is unique to a single application (which could be your phone’s mail app, Outlook, Windows or Apple Mail, among others). This token is both unique, meaning it is only ever used for this single application, and limited in scope, meaning it only has enough access to do what you need it to do (send and receive email, for example). On the off chance that this token is compromised or hijacked, it can easily be revoked, rendering it useless. It also cannot be used for account functions it’s not authorized for, such as changing your password and account recovery information.
In short, OAuth is more secure for two reasons: you don’t use your password to log in every time, which limits the number of times your password could be stolen, and the token you use in place of a password can only do a few application-specific things within your account.
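The difference described above, modelled as a small Python sketch. This is an added example, not code from Google or from the original post; the ToyAuthServer class, the scope names and the sample password are made up for illustration.

```python
import hashlib
import secrets

MAIL = "mail.read_send"      # hypothetical scope names, not Google's
ACCOUNT = "account.manage"   # e.g. change password or recovery info


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


class ToyAuthServer:
    """In-memory stand-in for the provider's sign-in service (constructed)."""

    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        self._pw = self._kdf(password)
        self._tokens = {}  # sha256(token) -> (app name, granted scopes)

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _password_ok(self, password: str) -> bool:
        return secrets.compare_digest(self._kdf(password), self._pw)

    def issue_token(self, password: str, app: str, scopes: set) -> str:
        """The password is entered once, at the provider, to mint a per-app token."""
        if not self._password_ok(password):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        self._tokens[_digest(token)] = (app, frozenset(scopes))
        return token

    def allowed_with_password(self, password: str, scope: str) -> bool:
        """Password-based access: a valid password unlocks every scope."""
        return self._password_ok(password)

    def allowed_with_token(self, token: str, scope: str) -> bool:
        """Token-based access: only the scopes granted to that one app."""
        entry = self._tokens.get(_digest(token))
        return entry is not None and scope in entry[1]

    def revoke(self, token: str) -> None:
        """Removes one app's token; the password and other apps are untouched."""
        self._tokens.pop(_digest(token), None)


if __name__ == "__main__":
    server = ToyAuthServer("correct horse")  # constructed sample password
    phone = server.issue_token("correct horse", "phone-mail", {MAIL})
    print(server.allowed_with_token(phone, MAIL), server.allowed_with_token(phone, ACCOUNT))
```

Revoking the phone’s token in this model leaves a second app’s token working, which is why a lost device does not force a password change everywhere.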
When will this take effect?
This change will take effect in two stages.
- June 15, 2020: Existing password-based access will continue to function but no new password-based access will be granted.
- February 15, 2021: All password-based access will be discontinued.
What does this mean for me?
- If you only use the G Suite web app (i.e., https://mail.google.com), then nothing needs to be done.
- For users of Outlook 2019, nothing needs to be done.
- For users of Outlook 2016 and older, you will either need to upgrade to Outlook 2019 or configure the G Suite Sync for Microsoft Outlook tool, if you haven’t already.
- For other mail apps, such as the iOS or macOS mail apps, it depends. If your account was set up using just a username and password, then you’ll need to remove the account and re-add it. Otherwise, it is already using OAuth and no action is necessary.
If your mail app isn’t listed or if you would like to request assistance so that you don’t lose access to your email, please give us a call at 252-558-1280 or reach us by email at firstname.lastname@example.org or by support ticket at https://universitypccare.support.