Basic authentication will remain enabled until the end of December, but will be eliminated, for good, after that, according to Microsoft.
If a customer finds that it can no longer access its accounts after this weekend because basic authentication has been disabled, the customer will be allowed to re-enable basic authentication one more time for each Exchange Online protocol that it might use. When we block a threat, nine times out of 10 it's against a Microsoft account that has basic authentication. Now, the company is in fact giving customers one last chance to buy some more time for the switch. Microsoft has delayed the phase-out of basic authentication on several occasions to give those laggards an opportunity to adopt a "modern authentication" system, which supports a more-secure approach, known as OAuth 2.0, and is easier to use with MFA. Microsoft has been seeking to prod businesses to move off basic authentication for the past three years, but "unfortunately usage isn’t yet at zero," it said in a post earlier this month.
"When we block a threat, nine times out of 10 it's against a Microsoft account that has basic authentication. Microsoft has said that for several types of common password-based threats, attackers almost exclusively target accounts that use basic authentication.Īt identity platform Okta, which manages logins for a large number of Microsoft Office 365 accounts, "we've seen these problems for years," said Todd McKinnon, co-founder and CEO.
1, it will begin to disable what's known as "basic authentication" for customers that continue to use the system.īasic authentication typically requires only a username and password for login the system does not play well with multifactor authentication and is prone to a host of other heightened security risks. Microsoft is about to eliminate a method for logging into its Exchange Online email service that is widely considered vulnerable and outdated, but that some businesses still rely upon.
0 kommentar(er)
