You are now in the main content area

Google to block access to apps that do not use OAuth

July 30, 2024

To: All students and employees who use a personal or generic TMU Google account to access less secure apps

Google will soon increase its security standards by blocking all third-party applications that use less secure methods for logins—for Google, this means any application that does not use OAuth as an authentication method.

We have identified that after September 30, 2024, you will experience issues logging in to some applications you currently use.

What is OAuth?

OAuth stands for open authorization and helps to keep your TMU Google account secure.

When an app uses OAuth, this means it does not need Google to reveal your TMU username and password to the app, and instead uses an access token to gain authorization to log you in.

Which apps will be blocked?

Common apps and services that could become disabled include:

  • Email clients such as Microsoft Outlook, Thunderbird, or Apple Mail, which use a password to access Gmail.
  • Copiers or scanners using simple mail transfer protocol (SMTP) to send emails of scanned items using your TMU Google password credentials.
  • Any less secure apps that require your TMU Google password for access instead of OAuth.

What this means for you

Since you are using a TMU Google account to access apps that have not incorporated OAuth into its login process, you are encouraged to either:

  • update settings in your apps to enable OAuth or, if unavailable;
  • switch to a more secure app that offers the OAuth login process.

When will this happen?

Access to all less secure apps via Google Workspace will be turned off as of September 30, 2024 and you will no longer be able to access them.

How to check whether your apps are considered by Google as less secure apps

To check which app you use that is considered a less secure app:

  1. Log in to your TMU Google Drive and go to your Google Account Settings. You can find your settings by clicking your user icon in the upper-right corner of your screen.
  2. Click on Manage your Google Account.
  3. On the menu on the left, click on Security.
  4. Scroll down to the Less Secure Apps Access section.

How to ensure continuous access

  • To find guidance on how to ensure continuous access for commonly-used email apps and the Google Calendar and Workspace apps, please visit the Setting up Email and Calendar apps to use OAuth.
  • For any other third-party applications, you will need to ensure it is configured to use OAuth authentication to continue using it. In some cases, an app may not offer OAuth which means you will need to consider switching to an application that does.
  • If you are using a paid application that does not offer OAuth, you may wish to contact the vendor regarding options, ahead of the September 30 change date.

Are you a TMU app developer?

If you are the owner of an application hosted on the TMU campus and OAuth is not an available option on the app, Computing and Communications Services may be able to help. Please contact the CCS Help Desk with the following information about your application:

  • where your application is hosted—on-premise or external; and
  • what options your application supports for authentication.

Questions?

If you have any questions, please contact the Computing and Communications Services (CCS) Help Desk via the IT Help portal, help@torontomu.ca or 416-979-5000, ext. 556840 (students) or ext. 556806 (employees).