Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Google Security

8 views
Skip to first unread message

Wolfgang Jäth

unread,
Dec 18, 2019, 12:47:31 AM12/18/19
to
Am 16.12.2019 um 20:49 schrieb Anthony R. Gold:
> I just receive the following message from Google and ask whether Hamster can
> perform the type authentication that GMail will be requiring in the future
> or whether is qualifies as an LSA (less secure app). Is this the end of the
> road for Hamster?
>
> To: admin@
> Subject: [Action Required] Switch to apps that use secure OAuth access
> From: The G Suite Team <gsuite-...@google.com>
> Date: Mon, 16 Dec 2019 10:50:00 -0800
>
> G Suite logo
>
> Beginning June 15, 2020, non-Google apps that use only a password to access
> Google accounts will no longer be supported.
>
>
> Starting February 15, 2021, G Suite accounts will only allow access to apps
> using OAuth. Password-based access will no longer be supported.
>
> Dear Administrator,
>
> We're constantly working to improve the security of your organization's
> Google accounts. As part of this effort, and in consideration of the
> current threat landscape, we'll be turning off access to less secure apps
> (LSA) — non-Google apps that can access your Google account with only a
> username and password, without requiring any additional verification steps.
> Access through only a username and password makes your account more
> vulnerable to hijacking attempts. Moving forward, only apps that support a
> more modern and secure access method called OAuth will be able to access
> your G Suite account.
>
> Access to LSAs will be turned off in two stages:
>
>
> June 15, 2020 - Users who try to connect to an LSA for the first time will
> no longer be able to do so. This includes third-party apps that allow
> password-only access to Google calendars, contacts, and email via protocols
> such as CalDAV, CardDAV and IMAP. Users who have connected to LSAs prior to
> this date will be able to continue using them until usage of all LSAs is
> turned off.
> February 15, 2021 - Access to LSAs will be turned off for all G Suite
> accounts.

I think this is a response to PSD2 (Payment Services Directive 2) of the
EU, but I doubt that *any* email client is curently, within this time
frame, or in any future at all, able or willing to fulfill such a claim.
If Google really insists on such a procedure for IMAP access too, they
are IMHO overshooting the mark far afield.

Personally I think, it is not exactly unwelcome, maybe even intended,
that such a request 'coincidentaly' compells the cusomers to use a web
interface being under *their* (financiall) control, instead of using an
interface under independent control (and thus not earning them any
profit). Sorry.

Wolfgang
--
Donald Trump ist ein großer Visionär, der seiner Zeit weit voraus ist:
Er verbreitet schon jetzt den Slogan "make America great again", obwohl
dieser erst in der Ära /nach/ ihm seine volle Bedeutung entfalten wird.

Lu Wei

unread,
Dec 21, 2019, 9:33:38 AM12/21/19
to
On 2019-12-17 3:49, Anthony R. Gold wrote:
> I just receive the following message from Google and ask whether Hamster can
> perform the type authentication that GMail will be requiring in the future
> or whether is qualifies as an LSA (less secure app). Is this the end of the
> road for Hamster?
> ...
Google has long planning to kill "less secure apps". According answers
in https://support.google.com/mail/thread/23019816?hl=en , google
deliberately disabled OAuth with POP3, but 2-step-verification could be
used as a workaround. I will try it myself in the near future, for I am
accessing Gmail by "less secure way".

These are the reference links I copied:

2-Step Verification (2SV)
*
http://gmailblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

* http://www.google.com/landing/2step/ (account settings)
* https://support.google.com/accounts/answer/185839 (help center)
* https://support.google.com/accounts/answer/1187538 (make SURE to
save backup codes)

Universal 2nd Factor (U2F)
*
http://googleonlinesecurity.blogspot.com/2014/10/strengthening-2-step-verification-with.html

* https://support.google.com/accounts/answer/6103523 (help center)
*
https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html
(100% protection)
* U2F Key - https://www.amazon.com/dp/B07BYSB7FK
https://www.amazon.com/dp/B07M8YBWQZ/

As long as POP3 could be used, I think Hamster should be able to handle
the rest.

--
Regards,
Lu Wei
IM: xmpp:luwe...@riotcat.org
PGP: 0xA12FEF7592CCE1EA
0 new messages