Update: Increased account security via OAuth 2.0 token revocation

Late last year, we announced a planned change to our security policy, whereby OAuth 2.0 tokens would be revoked when a user's password was changed. We later decided not to move forward with this change for Apps customers and began working on a more admin-friendly approach, which is now ready to be rolled out.

To achieve the security benefits of this policy change with minimal admin confusion and end-user disruption, we’ve decided to initially limit the change to mail scopes only, and to exclude Apps Script tokens. Apps installed via the Google Apps Marketplace are also not subject to the token revocation. Once this change is in effect, third-party mail apps like Apple Mail and Thunderbird (as well as other applications that use multiple scopes that include at least one mail scope) will stop syncing data upon password reset until a new OAuth 2.0 token has been granted. A new token will be granted when the user re-authorizes with their Google account username and password.

Mobile mail applications are also included in this policy change. For example, people who use Apple’s mail application on iOS will now have to re-authorize with their Google account credentials when their password has been changed. This new behavior for third-party mobile mail apps aligns with the current behavior of the Gmail apps on iOS and Android, which also require re-authorization upon password reset.

Please see this Help Center article and FAQ for more details. The policy change is scheduled to take effect on October 5, 2016. Moving forward, any additional scopes to be added to the policy will be communicated in advance.

Please note that password changes alone should not be relied upon for account security. If you suspect an account may be compromised, use the checklist in the Help Center to ensure that your users' accounts are secure.

Launch Details
Release track: 
Launching to both Rapid and Scheduled release on October 5, 2016

Rollout pace:
Full rollout (1-3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

More Information
Help Center and FAQ


Note: all launches are applicable to all Google Apps editions unless otherwise noted
