Google to Discontinue Authentication that Requires Users to Share their Google username and password

Beginning September 30, 2024: third-party apps that use only a password to access Google Accounts and Google Sync will no longer be supported


Does this mean “App Passwords” will be discontinued? I don’t think so, but I’m not 100% sure. Google did not explicitly clarify. The reason I think App Passwords will still be a valid authentication mechanism, is because the App Password is not your Google Account password (i.e. not your GMail password). It is an indirect password associated with your specific application. In other words, if an App Password is compromised, then it affects only your specific app, and you can invalidate it. The damage is limited to your app, not your entire account.

In any case, you can choose to use OAuth2 authentication. OAuth2 authentication requires an interactive browser session with the Google account owner to gain permission to issue the access token. Once the access token is issued, it can be refreshed for a very long time. An access token is typically valid for 1 hour, whereas the refresh token is long-lived, meaning you can non-interactively refresh the access token for a long time, such as months to year(s).