Microsoft turns off Basic Auth for personal Outlook accounts
Microsoft now wants to prevent private mail accounts, such as Outlook.com, from logging in with just a username and password.
(Image: Shutter z/Shutterstock.com)
Microsoft wants to make logging into private email accounts, such as Outlook.com, more secure. To this end, the company plans to no longer support basic auth, i.e. logging in with just a username and password.
In a blog post in the Microsoft Techcommunity, employee David Los writes that the company wants to "protect users' emails, documents, calendars and contacts from unauthorized access, tampering or loss". The security of users who use Outlook for personal purposes is to be improved.
Three-month deadline
Microsoft will switch off Basic Authentication for personal Outlook access on September 16, 2024. In the same breath, Los reminds users that the Windows Mail and Calendar apps will no longer receive support after the end of 2024. Microsoft even stepped on the gas on the weekend: from July, the company will be mutilating the apps so that they can no longer send and receive emails and entries. On August 19, 2024, Microsoft will also be throwing out the light version of the Outlook Web app, which allows access with old web browsers.
This means that by September 16 at the latest, users of personal Microsoft mail accounts on domains such as Hotmail.com, Live.com or Outlook.com will have to switch their email application to modern authentication methods. This includes the new Outlook, current versions of the classic Outlook (from version 2021 build 11601.10000), Apple Mail or Thunderbird. Newer authentication methods require the client software used to be activated, for example using two-factor authentication.
From August, Microsoft will only allow access to the Outlook web interface with current web browsers. At least Google Chrome 79, Microsoft Edge 79, Firefox 78, Opera 76 and Safari 16 will then be required to gain access. At the end of June, Microsoft also plans to disable access to Gmail accounts via the left-hand column on Outlook.com. The "Play My Emails" function and voice search for Outlook Mobile users will also end with the end-of-life of Cortana. Those affected should make do with the native voice commands of the mobile operating system.
The reason for deactivating Basic Authentication is that it makes it easy for attackers to gain unauthorized access to accounts. For example, access data obtained through phishing can be used directly, or account information gathered from older data thefts.
Microsoft had actually wanted to switch off Basic Auth for Exchange Online at the end of 2022, but allowed customers to override this. Until the final deactivation in January 2023, there was an increase in attacks on Exchange Online accounts, as attackers were looking for such accounts with an exception.
(dmk)