Google Workspace shutting down LSA support (second notice)

As part of their previously-announced intention to disable Less Secure Access (LSA) support, Google recently sent out another email notification warning that eventually, Google Workspace accounts will only allow access to apps using OAuth. Here's that shutdown timeline:

  • Beginning June 15, 2024 -- LSA settings will be removed from the Google Workspace console.
  • Beginning September 30, 2024 -- Access to LSAs will be turned off for all Google Workspace accounts. Any CalDAV, CardDAV, IMAP, and POP access will now require OAuth.

The latest Google notification email does indicate that app passwords continue to exist as a piece of functionality -- if I'm reading that right -- but the point is a bit moot as you will not be able to download emails via IMAP/POP using only an app password. If you're an old skool nerd like me, using Fetchmail or Getmail, this means the end of easy mailbox scraping. (Now for Google Workspace accounts, but eventually for Gmail accounts, too, I'm sure.) There's been talk (and code) showing off Oauth support for these tools, but so far support is uneven and not easy to configure. (There's always Email Engine, which works very nicely but is not free.)

I've received notification about all of this only as it affects Google Workspace accounts; I see nothing that firmly indicates to me that Gmail accounts (I mean, non-Workspace Google accounts) are also affected by the shutdown timeline. One assumes it'll happen eventually, though.

I'll miss you, easy app password-based mailbox scraping! You've always made my deliverability troubleshooting life easier.

Post a Comment