3rd-party apps to lose Google a/c access on May 30th...

[mikewalsh]

Morning, gang.

Some important information for y'all.

On May 30th, Google will be enforcing 2FA access for everything that wants to access your Google a/c in any way, shape or form. This will apply to things like other browsers; any other Chromium 'clone' will lose access to things like the Google Web Store - so things like extensions will quit working. And e-mail clients - like, for instance, Thunderbird - will lose the ability to access a GMail a/c.

https://support.google.com/accounts/ans ... t-fa&pli=1

This invariably is going to henceforth mean the use of a 2FA app, in order to confirm access to anything twice, from 2 different systems. Anyone who doesn't have the use of a smartphone, therefore, is going to be SOL.

Google say this is, of course, in the name of greater security. In reality, this looks like an attempt to lock users more tightly into the "Googlesphere"; in other words, if you rely on any Google products for your workflow, you will HAVE to use Chrome. No choice in the matter. Naturally, the preferred method is the Google Authenticator app, only available on Android!

There IS something called an 'App password', which is a one-time means of granting 3rd-party access to your Google a/c on any given device. I haven't looked into this yet, but it may be a way around the issue for some of you:-

https://support.google.com/accounts/ans ... p-password

Personally, being a Google a/c holder of almost 20 years, this makes no difference to me. But I felt those of you who weren't aware of this had the right to know.....

Mike.

[wiak]

There is also the end of G Suite legacy free accounts (I currently have 3 of these...), like Google Apps/Workspaces for Business.
Real pain... I have to move domains I own to new underlying email services now since no way am I paying the per-user monthly changes of Google Workspaces (several users involved).

https://9to5google.com/2022/01/19/g-sui ... e-edition/

They have until May 1 to select a new plan (of which there are several tiers), or Google will do it for them “based on what [they] currently use with [their] G Suite legacy free edition.” However, billing won’t start for at least two months if you were automatically upgraded.

Upgrading from your G Suite legacy free edition to Google Workspace will only take you a few short steps and is not disruptive to your end-users. To support you in this transition, you will have discount options for 12 months after July 1, 2022.

Plans start at $6 /user/month with Business Starter and go up to $18 /user/month. (Very small businesses with just one existing Gmail can also upgrade to Workspace Individual for $9.99/month, but will not get a custom email address.) Google will suspend your automatic Workspace subscription/accounts if you do not enter billing details before July 1, 2022.

[rockedge]

Thunderbird - will lose the ability to access a GMail a/c.

I managed to get T-Bird to able to talk to my Gmail accounts using OAuth. First attempt required a code sent to a cell phone (horrible since when is it automatically assumed I even own a cell phone?). Once logged in T-Bird is authorized and doesn't need the 2 step process and can get and send mail via Gmail.

Was a pain to go through so many instances of T-Bird I have spread around 40 or so operating systems I currently have able to boot.

Forcing me to use the cell phone does not make me happy at all. The system seems fraught with potential failure.

[rockedge]

I will move mountains so as NOT to pay Google a single cent.

[ozsouth]

To help keep your account secure, starting May 30, 2022, ​​Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.

I read that 'or devices' to mean non-google devices, even if they use chrome. Hope I'm wrong, but if not would mean only
Android devices/Chromebooks will have open access. I'll be OK with my Chromebook, but many others won't be.

Yahoo did something similar 2 years ago with oauth - either use software that has it or get one-time passwords.
Fortunately, Thunderbird was allowed to update so as to comply.

[mikewalsh]

@rockedge :-

Thunderbird - will lose the ability to access a GMail a/c.

I managed to get T-Bird to able to talk to my Gmail accounts using OAuth. First attempt required a code sent to a cell phone (horrible since when is it automatically assumed I even own a cell phone?). Once logged in T-Bird is authorized and doesn't need the 2 step process and can get and send mail via Gmail.

Was a pain to go through so many instances of T-Bird I have spread around 40 or so operating systems I currently have able to boot.

Forcing me to use the cell phone does not make me happy at all. The system seems fraught with potential failure.

Hm. In-ter-esting. Would you care to share the technique, Erik? Losing the use of T-Bird is NOT something I'm prepared to contemplate.....

Got any links, please? I'm not on Android - got an old Nokia Asha dumbphone - but I do use the 'OTPclient' app for 2FA.....which can 'read' a PNG screenshot of a 'QRCode' block.

https://github.com/paolostivanin/OTPClient

Mike.

[rockedge]

@mikewalsh I'll put together an outline of the steps. Basically it is going into the security settings of your Google account and enabling OAuth2. Then going into the T-Bird email account settings and changing the authorizing method

[mikewalsh]

@mikewalsh I'll put together an outline of the steps. Basically it is going into the security settings of your Google account and enabling OAuth2. Then going into the T-Bird email account settings and changing the authorizing method

If I'm not mistaken, however, that then means manually signing-in to every Google item you use ever afterwards with 2FA, doesn't it? I know that's what Google wants us all to do, but honestly, what a massive PITA every time you want to go on-line...

I know they say there's no gain without pain, but there ARE limits.

Mike.

[rockedge]

Thunderbird only needs the authorization once and it shares a token that it can communicate with the mail servers on your behalf. The pain is when I log in to Google on all the different operating systems I am bouncing in and out of. Must drive them nuts, but it is a severe hassle for me to have my phone receive a link I must click on the phone to log in on the desktop computer........hhhhmmmmm...............

[666philb]

i decided to bite the bullet last summer and move my email from gmail to disroot and it wasn't as difficult as i thought it would be.
i had it all done in an afternoon.

[ahoppin]

It's not a massive pain for going online if you don't use Google. Who needs them?

I agree with 666PhilB, Disroot is a worthy Gmail replacement. It's doing well for me so far.

It speaks POP3 and IMAP with no Oauth requirement. It's free, claims to be volunteer-run, gives you 2 gb of online file storage in addition to the email. Its privacy policies seem to be better. They'd have to be, by EU law, since they're in the Netherlands.

A shared web server is yet another solution, though it's not free. With most of them, you can create as many email accounts as you want, with your own domain name. You also get web space, usually many gb.

Remember that Google and Gmail aren't really free, you pay with your privacy and personal data. It sounds as if in the future you will also pay with real cash. I guess that $147 billion they made in 2021 still wasn't enough.

Again, who needs them?

If you're forced to use Google, by work or whatever, then you have another use case for Puppy.

A live pup is like having a newly installed OS and browser on every boot.

If that's too much trouble, you can reserve a savefile exclusively for Google.

Maybe add a VPN and a generic Windows browser user agent string for even more security, and you limit what Uncle Googoo knows about you.

For 2-factor ID, use a burner phone and a cheap pay as you go SIM. It can be less than $5/month.

Google wants to be their own walled garden. Fine, we can wall them in from our end too.

"Don't be evil" indeed. They gave up that policy years ago.

[GusCE6]

Phooey on Google.

[ozsouth]

SO, DDAY has arrived (not quite yet in USA). Clones are supposed to lose access to Google services (i.e Meet; Remote Desktop) today.
I could connect 2 laptops (Puppy laptop - firefox-esr - my CRD .pet, & Chromebook), using my Google sign-in & home wireless,
on both without 2FA. I alternated control from each. Might be too early/not a good test, so will test again much later today.
Anyone experiencing loss of (or 2FA mandated) access from clones (i.e. Chromium, Brave etc) ? If so, which browser etc?

EDIT: At 2 a.m. L.A. time, no change.

[mikewalsh]

@ozsouth :-

I opted to switch over to 0Auth 2FA around 3 weeks ago, to forestall any issues, and to save being 'pushed' into it. It doesn't really create as much hassle as I expected it to; all it takes is an extra step of entering an additional code sent to your mobile phone.

And in the majority of cases, this only needs to be done once per app or device, because you get the option to "remember" this on a per-app basis.

I'm certainly no Google 'fan-boi'; I detest their 'nosiness' and data-harvesting as much as anyone, but I'm pragmatic.....there's no getting away from the fact they DO provide a bloody good set of tools for their users, free of charge, which seamlessly just 'work' together, flawlessly. If they make my life simpler, I'll make use of 'em; it IS possible to have Google in your life while at the same time limiting your exposure as far as is practical....

(*shrug*)

Just need to be 'savvy' about it, and use a bit of 'nous'!

Mike.

[user1234]

To help keep your account secure, starting May 30, 2022, ​​Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.

I read that 'or devices' to mean non-google devices, even if they use chrome. Hope I'm wrong, but if not would mean only
Android devices/Chromebooks will have open access. I'll be OK with my Chromebook, but many others won't be.

Yahoo did something similar 2 years ago with oauth - either use software that has it or get one-time passwords.
Fortunately, Thunderbird was allowed to update so as to comply.

What I get of it is that you will have to do some double verification thing, that includes mobile phone.

Like the one where you have to press the button in mobile phone, containing a number shown on the computer. Or maybe some other kind of login confirmation through mobile phone.

Although, this enhances the security of logins, it also creates headaches for people not having phones (Well I do have got one. So it might not be a problem for me.)