17 June 2024

Microsoft: New Outlook security changes coming to personal accounts


Microsoft has announced new cybersecurity enhancements for Outlook personal email accounts as part of its 'Secure Future Initiative,' including the deprecation of basic authentication (username + password) by September 16, 2024.

The software giant also announced the end of support for the 'Mail' and 'Calendar' apps on Windows, the deprecation of Outlook Light, and the removal of users' ability to access Gmail accounts via Outlook.com.

Starting September 16, 2024, Basic Authentication (username and password) for Outlook clients will be phased out for all Outlook personal accounts, including Outlook.com, Hotmail.com, and Live.com.

The basic authentication method is unsafe as it sends credentials over the wire without encryption, allowing network monitoring tools to capture them. Furthermore, browsers and other applications commonly cache basic authentication credentials until the browser is restarted, allowing them to be used by others with access to the device.

"While Basic Auth was the standard for quite some time, it also made it easier for bad actors to capture a person's login information," explains Microsoft.

"This increased the risk of those stolen credentials being reused to gain access to a person's email or personal data. Email-based cyberattacks have only increased with time, so we are requiring modern authentication for all Outlook customers to better help protect their personal accounts."

With the switch to more modern authentication methods, basic authentication credentials will be replaced by token-based authentication backed by multi-factor authentication (MFA).
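To see the difference in what each scheme puts on the wire, the following added example (not from Microsoft or the original article) classifies client authentication lines as password-bearing or token-based and reports whether the password is recoverable by plain Base64 decoding, without ever returning it. It goes beyond HTTP Basic to the equivalent SASL PLAIN mail login; the log line formats, the mechanism names `PLAIN`, `XOAUTH2` and `OAUTHBEARER`, and the sample account and secrets are assumptions constructed for illustration.

```python
import base64
import re

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample log lines (hypothetical account and secrets).
SAMPLE_LINES = [
    "Authorization: Basic " + _b64("user@example.com:constructed-pw"),
    "AUTH PLAIN " + _b64("\0user@example.com\0constructed-pw"),
    "a1 AUTHENTICATE XOAUTH2 "
    + _b64("user=user@example.com\x01auth=Bearer constructed-token\x01\x01"),
    "Authorization: Bearer constructed-token",
]

# (mechanism, regex); the capture group holds the Base64 credential blob.
LEGACY = [
    ("http-basic", re.compile(r"Authorization:\s*Basic\s+(\S+)", re.I)),
    ("sasl-plain", re.compile(r"\bAUTH(?:ENTICATE)?\s+PLAIN\s+(\S+)", re.I)),
]
MODERN = re.compile(
    r"Authorization:\s*Bearer\s|\bAUTH(?:ENTICATE)?\s+(?:XOAUTH2|OAUTHBEARER)\b",
    re.I,
)

def classify(line):
    """Return (mechanism, username, password_recoverable) for one line."""
    # The password is never returned, only whether decoding would expose it.
    for mech, rx in LEGACY:
        m = rx.search(line)
        if not m:
            continue
        try:
            raw = base64.b64decode(m.group(1), validate=True).decode("utf-8")
        except ValueError:  # covers malformed Base64 and invalid UTF-8
            return (mech, None, False)
        if mech == "http-basic":  # format: user ":" password
            user, sep, _pw = raw.partition(":")
            return (mech, user, bool(sep))
        parts = raw.split("\0")  # SASL PLAIN: authzid NUL authcid NUL passwd
        ok = len(parts) == 3
        return (mech, parts[1] if ok else None, ok)
    if MODERN.search(line):
        # A bearer token is still a secret, but it is not the password.
        return ("token", None, False)
    return ("none", None, False)

def audit(lines):
    """Return (index, mechanism, username) for password-bearing lines."""
    return [(i, *classify(l)[:2]) for i, l in enumerate(lines) if classify(l)[2]]
```
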

