Etacts Launches First Implementation of oAuth For Gmail IMAP Accounts

Earlier this week, we reported on a number of new security enhancements that we expect Gmail to launch in the next few days, including oAuth support. It looks like we were right: a small startup called Etacts, which launched last month, has just implemented oAuth for Gmail IMAP accounts, allowing Etacts to securely tap into your email without the security risks associated with handing over your Gmail password. This appears to be the first public implementation of Gmail IMAP oAuth support. For email services, this is a big deal.  We expect Google to announce support for the new feature more broadly this week.

So why does this matter? Etacts is a powerful tool for making sure you keep in touch with the friends, family, and business associates that are important to you. But at launch, it came with one significant flaw: it required users to hand over their Gmail account passwords (without them, the service wouldn’t be able to automatically pull in your new email). Even though Etacts seems trustworthy, handing over a password carries risks — if the service was ever hacked, there’s a small chance your password could have been compromised. With oAuth, this isn’t an issue.

Now instead of entering your password, Etacts redirects you to a special Google site, where you can elect to grant Etacts access to your account information (you can revoke this permission at any time).  Etacts still stores your email header information, which contains the subject, timestamp, and recipients of each message, but most people probably won’t have an issue with that.

Now, oAuth isn’t a magic bullet for security — if you give a malevolent service access to your Gmail account, they can sift through your email. What they won’t be able to do, though, is access any of your other Google services (Calendar, Google Checkout, etc). And they won’t have your password stored anywhere, so in the event that their servers get hacked, you won’t have to worry about your password being compromised.

It’s worth pointing out that Google offers oAuth access to some of its other services, like Calendar and Contacts, but this is the first time they’ve offered it for email. Gmail also appears to be the first major email provider to offer oAuth access.