Spanning Sends Notice to Users to Remind Them to Re-authenticate on Password Change

posted in: News | 0

It is good security practice to regularly change your passwords for websites and services you use. It also makes sense that if you change your password for a service that uses OAuth to authorize apps that the app also would need to be reauthorized. Unfortunately that has not been how it often worked and as users we don’t even think about reauthorizing apps if we change a password. However, moving forward if you change your Google password and use Spanning backup to backup your Google data you will need to reauthorize the Spanning app on your account.

Spanning recently sent out the following email to their users to remind them of this change, and hopefully if you do change your Google password and Spanning detects that your backup has not been occurring they will send you another email to remind you to reauthorize the Spanning app so your backup can continue without any problems.

Below is a copy of the email I received.

Dear Spanning Customer,
Google recently rolled out a change for individual Google account users to increase account security. As a result of this change, any time a user changes their password, the OAuth 2.0 token will be revoked for any apps that access the user’s email.
Because of this change, until an action is taken by the user, Spanning’s daily automated backups stop after a password change in an individual Google account. To restart automated backups after password changes, you will need to log into Spanning using this link with your Google account username and password and re-authenticate.
If you have changed your password recently, please log in to Spanning and re-authenticate to ensure that Spanning can backup your data.

It would be nice to see other services roll out this type of security update as well. I know the number of apps I have authorized on services like Twitter can get out of hand. I will often try an app or service with my Twitter ID and then forget about the app or service. Perhaps there should be a time limit that an app or service can be authorized for in the first place. I know Facebook is regularly needing to be reauthorized with JetPack and while it is a bit of a nuisance I can understand why.

Leave a Reply