diff --git a/setup.py b/setup.py
index f0eeec4..83ec81e 100644
--- a/setup.py
+++ b/setup.py
@@ -14,7 +14,11 @@ requirements = [
     # https://github.com/mitsuhiko/click/issues/200
     'click>=5.0',
     'click-log>=0.1.3',
+
+    # https://github.com/pimutils/vdirsyncer/issues/456
+    # https://github.com/click-contrib/click-threading/commit/70319372acc3a6fa90c86f00ac344f5319e1b603  # noqa
     'click-threading>=0.1.2',
+
     # !=2.9.0: https://github.com/kennethreitz/requests/issues/2930
     # >=2.4.1: https://github.com/shazow/urllib3/pull/444
     #
@@ -23,9 +27,11 @@ requirements = [
     # replicate vdirsyncer's current behavior (verifying fingerprints without
     # verifying against CAs) with older versions of urllib3.
     'requests >=2.4.1, !=2.9.0',
+
     # https://github.com/sigmavirus24/requests-toolbelt/pull/28
     # And https://github.com/sigmavirus24/requests-toolbelt/issues/54
     'requests_toolbelt >=0.4.0',
+
     # https://github.com/untitaker/python-atomicwrites/commit/4d12f23227b6a944ab1d99c507a69fdbc7c9ed6d  # noqa
     'atomicwrites>=0.1.7'
 ]
diff --git a/vdirsyncer/storage/google.py b/vdirsyncer/storage/google.py
index eb9bb73..e86787b 100644
--- a/vdirsyncer/storage/google.py
+++ b/vdirsyncer/storage/google.py
@@ -3,8 +3,12 @@
 import json
 import logging
 
+from atomicwrites import atomic_write
+
 import click
 
+from click_threading import get_ui_worker
+
 from . import base, dav
 from .. import exceptions, utils
 
@@ -30,11 +34,15 @@ class GoogleSession(dav.DavSession):
         self.useragent = client_id
         self._settings = {}
 
-        token_file = utils.expand_path(token_file)
-
         if not have_oauth2:
             raise exceptions.UserError('requests-oauthlib not installed')
 
+        token_file = utils.expand_path(token_file)
+        ui_worker = get_ui_worker()
+        f = lambda: self._init_token(token_file, client_id, client_secret)
+        ui_worker.put(f)
+
+    def _init_token(self, token_file, client_id, client_secret):
         token = None
         try:
             with open(token_file) as f:
@@ -43,7 +51,7 @@ class GoogleSession(dav.DavSession):
             pass
 
         def _save_token(token):
-            with open(token_file, 'w') as f:
+            with atomic_write(token_file, mode='w', overwrite=True) as f:
                 json.dump(token, f)
 
         self._session = OAuth2Session(