In a significant move to bolster email security, Microsoft has announced the discontinuation of Basic Authentication for its Microsoft Email Authentication services, including SMTP (Simple Mail Transfer Protocol). This change, effective September 16, 2024, mandates the adoption of Modern Authentication methods, such as OAuth 2.0, to access Microsoft email accounts.
How does this affect you?
Basic Authentication, which relies solely on usernames and passwords, has long been a target for cyber threats due to its susceptibility to attacks like phishing and brute force. In contrast, Modern Authentication incorporates multifactor authentication (MFA), enhancing account security by requiring additional verification steps beyond just the password.
For users and organizations utilizing applications or devices that connect to Microsoft email services via SMTP, this transition necessitates significant adjustments. Applications that do not support Modern Authentication will lose access to these email services unless updated accordingly. To facilitate this transition with Microsoft Email Authentication, Microsoft recommends enabling two-step verification and creating app passwords for devices and applications that do not natively support Modern Authentication.
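To make the difference concrete for SMTP, the following added example (not code from Microsoft or from this article) parses the AUTH line of an EHLO reply to see which mechanisms a server offers, then builds the payload a client sends for Basic Authentication (SASL PLAIN) and for OAuth 2.0 (SASL XOAUTH2). The host name, account, password and token are constructed placeholders, and the grouping of mechanisms into "basic" and "modern" is this example's own assumption.

```python
import base64

# Constructed EHLO reply for illustration; not captured from a real server.
SAMPLE_EHLO = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 157286400\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH LOGIN PLAIN XOAUTH2\r\n"
    "250 8BITMIME\r\n"
)
BASIC_MECHS = {"PLAIN", "LOGIN"}            # username + password on every login
MODERN_MECHS = {"XOAUTH2", "OAUTHBEARER"}   # OAuth 2.0 bearer token

def auth_mechanisms(ehlo_reply):
    """Return the set of SASL mechanisms advertised on the AUTH line(s)."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        body = line[4:].strip()  # drop the "250-" / "250 " prefix
        if line[:3] == "250" and body.upper().startswith("AUTH"):
            mechs.update(m.upper() for m in body[4:].replace("=", " ").split())
    return mechs

def classify(ehlo_reply):
    """Split the advertised mechanisms into password-based and token-based."""
    mechs = auth_mechanisms(ehlo_reply)
    return {"basic": sorted(mechs & BASIC_MECHS), "modern": sorted(mechs & MODERN_MECHS)}

def plain_response(user, password):
    """SASL PLAIN (RFC 4616): the password itself, merely base64-encoded."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def xoauth2_response(user, access_token):
    """SASL XOAUTH2: a bearer token from the OAuth 2.0 flow, not the password."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def credential_kind(b64_payload):
    """Decode an AUTH payload and report which kind of secret it carries."""
    decoded = base64.b64decode(b64_payload).decode()
    if decoded.startswith("\0"):
        return "password"
    if "auth=Bearer " in decoded:
        return "bearer-token"
    return "unknown"
```

Base64 is an encoding, not encryption: anyone who sees a PLAIN payload recovers the password, whereas an XOAUTH2 payload exposes only the token.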
What is an App Password?
An app password is a unique, randomly generated password that allows an application or device to access a Microsoft account when it doesn’t support two-step verification. To create an app password, users can navigate to the Security settings of their Microsoft account, enable two-step verification, and generate a new app password. This password is then used in place of the regular account password within the application’s settings.
This shift aligns with broader industry trends aimed at enhancing email security. For instance, Google implemented similar measures by disabling less secure app access and promoting the use of app passwords for applications that do not support OAuth 2.0.
While this transition enhances security, it poses challenges for users and organizations relying on legacy systems or applications that may not support Modern Authentication. It is imperative for such users to assess their current email clients and applications, update them to versions that support Modern Authentication, or configure app passwords to ensure uninterrupted access.
In summary, Microsoft’s move to enforce Modern Authentication and the use of app passwords for SMTP access marks a significant step toward strengthening email security. Users and organizations must proactively adapt to these changes by updating their applications and enabling necessary security features to maintain seamless and secure email communication.