Information Security, Top News

Gmail for Android gets safer with OAuth authentication for Microsoft, Yahoo accounts

Google is making it safer and easier to add third-party accounts to Gmail for Android. Soon Gmail users will see the option to add Microsoft and Yahoo accounts via OAuth. That means users will no longer have to enter their user names and passwords into Gmail for Android to add these services.

Instead, Gmail will rely on Microsoft and Yahoo for authorization. If you’re logged in to your account, for example, Microsoft will present users with a button to allow Gmail for Android to access your account. Once that’s done, Microsoft gives Gmail a token (basically a text file) that allows the app access to that account.

If the user isn’t logged in to Microsoft, they’ll have to go through the login process before getting to the OAuth screen.

While OAuth is new to Gmail for Android, it’s something most users should be familiar with. Anyone who’s ever authorized an app to access a Facebook or Twitter account, for example, will be immediately familiar with the Gmail for Android process.

The new Gmail for Android feature is rolling out now. Google says it should be available to all in the next few days.

The impact on you at home: OAuth support offers a higher degree of security, because you don’t have to enter your account details into Gmail for Android. That means an unknown vulnerability in Gmail for Android could never leak your Microsoft or Yahoo credentials, because it doesn’t have them. In the event of a hack, OAuth also allows you to quickly de-authorize Gmail for Android with one click from your Microsoft or Yahoo account settings. In addition, Google says OAuth makes it easier to use added security features like two-step verification, which typically won’t work when you enter a primary password directly into a third-party app.

Previous ArticleNext Article
Send this to a friend