A customer forwarded an email from Google about some pending changes, and is asking me about whether Sage 100 is compatible.
We’re constantly working to improve the security of your organization’s Google accounts. As part of this effort, and in consideration of the current threat landscape, we’ll be turning off access to less secure apps (LSA) — non-Google apps that can access your Google account with only a username and password, without requiring any additional verification steps. Access through only a username and password makes your account more vulnerable to hijacking attempts. Moving forward, only apps that support a more modern and secure access method called OAuth will be able to access your G Suite account.
Access to LSAs will be turned off in two stages:
- June 15, 2020 - Users who try to connect to an LSA for the first time will no longer be able to do so. This includes third-party apps that allow password-only access to Google calendars, contacts, and email via protocols such as CalDAV, CardDAV and IMAP. Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.
- February 15, 2021 - Access to LSAs will be turned off for all G Suite accounts.
References:
https://developers.google.com/identity/protocols/OAuth2
https://developers.google.com/identity/protocols/OAuth2InstalledApp
Of course, Sage 100 only allows me to set server, user, password, and encryption... with no information on the authentication methods. Can someone confirm if these requirements will cause problems when Google turns off the LSA access (or if Sage 100 can be upgraded to allow this authentication method)?
