Monday, 26 October 2015

Microsoft Outlook Is Impacted by Gmail's New Security Standard "OAuth 2.0"

Email-clients normally use security standards to access email accounts on email-servers, Gmail "15 Jul 2014" has decided to increase security measures to stop vulnerabilities, the old security standard that is being used by Gmail and also by many Email-clients is called "Basic Authentication", clients used to use this standard to send passwords in the form of plain text to Gmail servers. Gmail has launched a new security standard called "Open Authentication" or "OAuth 2.0", that doesn't accept plain-text passwords any more, so many clients now suffer accessing Gmail accounts.


Good news is, Gmail allows account's owner to disable "Open Authentication" and enable "Basic Authentication" once again to enable less secured clients work normally, this page has these enable/disable options.

A Microsoft article explains that "Google has increased its security measures to block access to Google accounts after July 15, 2014 if those accounts are being set up or synced in apps and on devices that use Basic Authentication.

A very good post snoops around the impacts happen according to Gmail decision.

Gmail redirection error page is so ambiguous regarding that popular impact, and has no link for the enable/disable page issue, but Gmail sent me a detailed email to tell me about "sign-in attempt prevented" happened by Outlook during my trial to add my Gmail account, the email has included the following statment:

"We strongly recommend that you use a secure app, like Gmail, to access your account. All apps made by Google meet these security standards. Using a less secure app, on the other hand, could leave your account vulnerable. Learn more."


No comments:

Post a Comment