ALERTS

Notice: Google@UH Less Secure Apps (LSA) End of Life - June 4, 2024 (Feb 11 02:20 pm)

UH ITS will be disabling Less Secure Apps for Google@UH users on June 4th, 2024. Users who use a third-party email client (such as Thunderbird, Outlook, and iOS or macOS Mail) or calendar application to check their email or sync calendars/contacts may be impacted. Access to Google@UH Gmail, Calendar, and Contacts on the web will not be impacted.


  • What is Less Secure Apps (LSA)?
  • Who is Impacted?
  • What Should Impacted Users Do?

What is Less Secure Apps (LSA)?

Less Secure Apps (LSA) is a sign in method used to authenticate your Google@UH account to third-party applications, such as email clients. Users authenticating with LSA sign in to applications using only their UH username and password. LSA is an outdated authentication method that puts accounts at additional risk since it requires sharing account credentials with third-party applications and can make it easier for malicious actors to gain access to a user’s account. The industry has adopted a more secure method of authenticating third-party applications called OAuth 2.0 which is supported by most modern email clients.


Who is Impacted?

Users who use a third-party email client or calendar application to check their email or sync calendars/contacts may be impacted if their application(s) connect via LSA.


Check if you are currently using LSA.

To check if you are currently using LSA, visit the Google Account LSA access page and log in with your Google@UH account. 


If this setting is OFF or listed as "not available for accounts with 2-step verification", then you will not be impacted.


If LSA is set to ON

If LSA is set to ON you should review our list of potentially affected applications to determine if a third-party application that you use is affected. Some common applications that are affected include:

  • Outlook 2016 (and older)
  • iOS Mail app if connected via Exchange Activesync (Google Sync)
  • Mozilla Thunderbird if connected via Username and Password
  • macOS Mail (Mac Mail) if connected via Username and Password

Users who may have this setting set to ON but do not use any third-party applications and only access their emails, calendars, and contacts on the web will not be impacted.


What Should Impacted Users Do?

Impacted users will need to remediate their affected third-party applications prior to LSA being disabled on June 4, 2024 if they wish to continue using them to connect to their Google@UH account.


Review our Less Secure Apps End of Life article for more information, to determine if you are impacted, and for help remediating affected third-party applications.