Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Google Boosts Security For GMail and Google Talk With OAuth 2.0

On Monday, Google announced that IMAP/SMTP and XMPP would be getting a security boost in the form of OAuth 2.0. The transition comes as the company depreciates older standards (OAuth 1.0a) on the GMail and Google Talk services.

Ryan Troll, a member of Google’s Application Security Team, said in a blog post that the changes are part of a long term plan to support additional mechanisms to protect user information.

On Monday, Google announced that IMAP/SMTP and XMPP would be getting a security boost in the form of OAuth 2.0. The transition comes as the company depreciates older standards (OAuth 1.0a) on the GMail and Google Talk services.

Ryan Troll, a member of Google’s Application Security Team, said in a blog post that the changes are part of a long term plan to support additional mechanisms to protect user information.

Google started using OAuth more than a year ago, as a way to enhance the security of the authentication process. On Google’s APIs, OAuth 2.0 allows access to Google’s two-factor authentication features as well, allowing developers flexibility in the levels of security offered by a given app.

“When clients use OAuth 2.0, they never ask users for passwords. Users have tighter control over what data clients have access to, and clients never see a user’s password, making it much harder for a password to be stolen. If a user has their laptop stolen, or has any reason to believe that a client has been compromised, they can revoke the client’s access without impacting anything else that has access to their data,” Troll wrote

Access to OAuth 2.0 on XMPP (Google Talk) and IMAP/SMTP (GMail) is available now. As mentioned, support OAuth 1.0a is ending. Developers are asked to update their applications quickly in order to avoid problems.

Documentation for using OAuth 2.0 to access Google APIs can be found here

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Funding/M&A

The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...