How the New Gmail 2FA Regulations Might Affect You

By Spike Team, Updated on February 19, 2023, 7 min read

Google has been rolling out new 2FA regulations for Gmail users, which you may have already started feeling the effects of. In case you’re wondering how they might change access to your Gmail account, we’ve looked at what exactly these new regulations are, how changes might impact users, and what you can do to ensure smooth sailing under the new regulations.



What Are the New Gmail 2FA Regulations?



Since late last year, Google has been rolling out new security regulations that switch on two-factor authentication (2FA), which Google calls two-step verification, by default. This increases the security of your account significantly, with Google claiming that they have seen a “50% decrease in accounts being compromised among” users with 2FA.


Additionally, this means Google will automatically block access to less secure apps, meaning if you currently use one, you will no longer be able to access your Gmail account through it.



How Might Changes to Gmail 2FA Affect You?

The primary change that most Gmail users will experience is being forced to set up and use two-factor authentication (2FA). This is a relatively simple process that we will walk you through later in this article.


However, some people’s daily workflow with Google might be more affected by a sudden block on apps that Google deems “less safe”. This could, for example, include some third-party email clients losing access to your Gmail. Other apps that use secure technologies like OAuth 2.0 may require the generation and use of access tokens to integrate your Gmail account. Moreover, hardware and software, such as printers, that have up until now been able to email scanned documents from your account may require the use of Gmail 2FA paired with the creation of an app-specific password.


However, that doesn’t mean that all apps will be affected by the new regulations. Plenty of apps are built with high enough security that you will be able to keep accessing Gmail through them as if nothing has happened. That said, let’s take a look at how you can ensure you don’t lose access to your Gmail account.




What Can You Do About the New Gmail 2FA Regulations?

Online security is important, so keeping up with new Gmail 2FA regulations is something you should pay attention to. While it can seem a little intimidating, there are simple things you can do to keep using Gmail as normal.



1. Use Spike to Access Your Email Accounts



Spike is a powerful tool that offers a state-of-the-art email client as part of an all-in-one productivity app. You can use Spike to access your Gmail accounts even with the new 2FA regulations, and you can also add any other accounts you use – whether they’re from Outlook, Yahoo, or anyone else. In fact, Spike offers the same industry-leading login security as a Google account.


Spike not only brings all your emails together but also unifies your calendars into a single, easy-to-use place. This is in addition to an array of other productivity features such as Video Meetings, Voice Messages, Online Notes, Tasks, To-Do Lists, and more.


Adding your Gmail accounts to Spike is simple. All you have to do is:

  1. Download Spike for your device of choice (or all of them!)

  2. Launch the app and you will see a sign-in screen. Enter your Gmail address and click “Add Account”

  3. A Google authentication window will pop up – follow the onscreen instructions

  4. Google will list the account access that Spike needs: what is required for you to send and receive emails, make changes to your calendar, and sync your Gmail data across the other devices you use



2. Use OAuth 2.0 Apps




OAuth 2.0, aka “Open Authorization”, is a standard that allows websites and apps to access resources that are hosted by another web app on behalf of a user and is the de facto standard for online authorization.


OAuth uses access tokens rather than login credentials to prove that an application has permission to access certain data. In our case, those access tokens will tell Google that it is OK for an external app to access your Gmail.


The OAuth 2.0 standard has a few essential components, what it calls “Roles”:


  • Resource Owner – the user (or system) that owns the resources and is able to grant access to them.
  • Client – the system that needs access to the protected resources. It is the Client that must have the correct Access Token.
  • Authorization Server – the server from which a Client requests Access Tokens, and which issues them upon successful authentication and consent by the Resource Owner.
  • Resource Server – the server that accepts and validates an Access Token from a Client and returns the resources to it.


On a very basic level, OAuth 2.0 works through five steps, with the Client requiring a client id and client secret from the Authorization Server in order to be valid. You can think about these like a username and password for a specific application. The Client (e.g. a desktop email client) initiates the request for resources (e.g. your emails), which follows this highly simplified flow:

  1. The Client requests authorization from the Authorization Server, supplying its client id and secret

  2. The Authorization Server verifies the Client

  3. The Authorization Server interacts with the Resource Owner to grant access

  4. The Authorization Server redirects back to the Client with an Access Token

  5. With that Access Token, the Client then requests the resource from the Resource Server
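
The five steps above can be modelled in a few lines. The following is an added example, not code from Google or Spike: an in-process sketch of the four roles that follows this article's simplified flow rather than the full OAuth 2.0 message exchange. It goes slightly further than the steps by also showing scope checking and revoking an app's access. The client name, scope names and sample data are constructed for illustration.

```python
import secrets
import time

class AuthorizationServer:
    def __init__(self):
        self.clients = {}  # client_id -> client_secret
        self.tokens = {}   # access token -> (client_id, scopes, expiry)

    def register(self, client_id):
        return self.clients.setdefault(client_id, secrets.token_urlsafe(16))

    def authorize(self, client_id, client_secret, scopes, owner_consents):
        # Steps 1-2: the Client supplies its id and secret and is verified
        expected = self.clients.get(client_id)
        if expected is None or not secrets.compare_digest(expected, client_secret):
            raise PermissionError("unknown client or bad secret")
        # Step 3: the Resource Owner decides which scopes to grant
        granted = {s for s in scopes if owner_consents(client_id, s)}
        if not granted:
            raise PermissionError("resource owner denied access")
        # Step 4: an Access Token is issued; the owner's password is never shared
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, granted, time.time() + 3600)
        return token

    def scopes_for(self, token):
        _, scopes, expiry = self.tokens.get(token, (None, set(), 0))
        return scopes if time.time() < expiry else set()

    def revoke_client(self, client_id):
        self.tokens = {t: v for t, v in self.tokens.items() if v[0] != client_id}

class ResourceServer:
    def __init__(self, auth, data):
        self.auth, self.data = auth, data

    def get(self, token, scope):
        # Step 5: validate the token and its scope before returning anything
        if scope not in self.auth.scopes_for(token):
            raise PermissionError(f"token not valid for {scope}")
        return self.data[scope]

def demo():
    auth = AuthorizationServer()
    gmail = ResourceServer(auth, {"mail.read": ["Hello"], "calendar": ["Standup 09:00"]})
    secret = auth.register("desktop-mail-client")       # constructed client name
    consent = lambda client, scope: scope == "mail.read"  # owner grants mail only
    token = auth.authorize("desktop-mail-client", secret, ["mail.read", "calendar"], consent)
    return auth, gmail, token
```

After `demo()`, the token reads mail but is refused for the calendar, and `revoke_client` makes the same token useless without any password change.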

3. Enable Gmail 2FA on your account

Two-factor authentication (2FA), which Google calls two-step verification, is a relatively common way to help secure accounts across the web, and it does a good job. As we mentioned, Google is on its way to enforcing Gmail 2FA on all accounts, but you can turn it on yourself now to get ahead of the new regulations.


Two-step verification works by requiring a second layer of security when logging in to your Gmail account. In addition to your username and password, you also have to enter a changing code that is sent to a device of your choice – typically, your phone. This can be done via text, call, or a dedicated application such as Google Authenticator.


In a basic sense, it means that even if your password and username were somehow leaked, people still couldn’t access your account because they won’t have the unique (and changing) code sent to them! So, let’s look at how you can set up your Gmail 2FA today:

  1. Open Gmail or another Google Application

  2. Click on your profile picture in the top right-hand corner, and select “Manage your Google Account”

  3. In the menu on the left-hand side, select “Security”

  4. Navigate down to the “Signing in to Google” section and select “2-step Verification”

  5. Click “Get started” and follow the onscreen instructions that will require you to sign in to your Google Account and turn on two-step verification

  6. You will need to enter a recovery phone number to which you have immediate and constant access

  7. Click “Send code” and you should receive a code on the given number, which can then be inputted in the designated field before clicking “Next”

You now have two-factor authentication on your Google account! You can add trusted devices, such as your computer and phone, so you don’t always have to go through a 2FA login on them if you don’t want to.



4. Regularly Manage Secure App Access

As mentioned, only secure apps – those that meet Google’s security standards – will be given access to your Gmail account. However, even if they are secure, it is still worth regularly reviewing and managing different apps’ access to your account.


With secure apps, you can review what level of account access each of them has; limit this access to only the relevant parts of your account (such as your calendar); and disconnect any app any time if you think it is no longer needed.


To check apps that have access to your Google account:

  1. Open Gmail or another Google Application

  2. Click on your profile picture in the top right-hand corner, and select “Manage your Google Account”

  3. In the menu on the left-hand side, select “Security”

  4. Navigate down to the “Third-party apps with account access” section

  5. Click “Manage third-party access”

  6. From there you can manage all the various access that apps have to your account


Conclusions on the New Gmail 2FA Regulations

Generally speaking, switching to 2FA for important accounts is a good idea – it’s more secure and will keep you safer if a password is compromised. What’s more, most of the apps you are used to using won’t be affected by the new Google regulations since they are likely already using up-to-date security protocols – and if they aren’t, they soon will be.


If you’re looking for a secure email client to access your Gmail messages, Spike is a great option, working with Gmail 2FA and encrypting the passwords of any other email accounts that do not support OAuth.
