Microsoft: New Outlook security changes coming to personal accounts
Microsoft has announced new cybersecurity enhancements for Outlook personal email accounts as part of its 'Secure Future Initiative,' including the deprecation of basic authentication (username + password) by September 16, 2024.
The software giant also announced the end of support for 'Mail' and 'Calendar' apps on Windows, the deprecation of Outlook Light, and removing users' ability to access Gmail accounts via Outlook.com.
Moving to modern authentication
Starting September 16, 2024, Basic Authentication (username and password) for Outlook clients will be phased out for all Outlook personal accounts, including Outlook.com, Hotmail.com, and Live.com.
The basic authentication method is unsafe as it sends credentials over the wire without encryption, allowing network monitoring tools to capture them. Furthermore, browsers and other applications commonly cache basic authentication credentials until the browser is restarted, allowing them to be used by others with access to the device.
"While Basic Auth was the standard for quite some time, it also made it easier for bad actors to capture a person's login information," explains Microsoft.
"This increased the risk of those stolen credentials being reused to gain access to a person's email or personal data. Email-based cyberattacks have only increased with time, so we are requiring modern authentication for all Outlook customers to better help protect their personal accounts."
By switching to more modern authentication methods, the basic auth credentials will be replaced by token-based authentication backed by multi-factor authentication (MFA).
However, these changes will cause problems for users using older apps that only support Basic Authentication, as they will no longer be able to access Outlook.com, Hotmail.com, or Live.com email accounts after September 16.
Instead, users will need to switch to the latest versions of Outlook, Outlook for Windows, Apple Mail, Thunderbird, or other compatible email clients that support modern authentication methods.
Users with a Microsoft 365 subscription can use the Outlook version included in their plan, while those using Outlook 2021 (build 11601.10000 or higher) are already equipped with 'Modern Authentication' and will not be affected.
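To find accounts that will be cut off, an administrator can inventory which mail clients still send a reusable password. The sketch below is an added example, not code from Microsoft or the original article: it assumes client commands captured from an IMAP, POP3 or SMTP client or proxy log (protocols the article does not name), and all accounts and secrets are constructed.

```python
import base64

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed client commands (accounts and secrets are made up, not from the article).
SAMPLE_COMMANDS = [
    "a1 AUTHENTICATE PLAIN " + b64("\0alice@outlook.com\0constructed-password"),
    'a2 LOGIN bob@hotmail.com "constructed-password"',
    "USER dave@live.com",
    "AUTH XOAUTH2 " + b64("user=carol@outlook.com\x01auth=Bearer PLACEHOLDER\x01\x01"),
    "a3 SELECT INBOX",
]

def classify(command):
    """Return (category, mechanism, account) for one client command."""
    tokens = command.split()
    upper = [t.upper() for t in tokens]
    for verb in ("AUTHENTICATE", "AUTH"):          # SASL: IMAP is tagged, SMTP/POP3 is not
        if verb in upper[:2] and len(tokens) > upper.index(verb) + 1:
            i = upper.index(verb)
            mech = upper[i + 1]
            blob = tokens[i + 2] if len(tokens) > i + 2 else ""
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
            except ValueError:                     # not base64: treat as no initial response
                decoded = ""
            if mech == "XOAUTH2":                  # carries a bearer token, not the password
                fields = dict(f.split("=", 1) for f in decoded.split("\x01") if "=" in f)
                return ("modern", mech, fields.get("user"))
            if mech == "PLAIN":                    # authzid NUL authcid NUL password
                parts = decoded.split("\0")
                return ("basic", mech, parts[1] if len(parts) == 3 else None)
            return ("basic" if mech == "LOGIN" else "other", mech, None)
    if len(tokens) >= 3 and upper[1] == "LOGIN":   # IMAP LOGIN user password
        return ("basic", "IMAP LOGIN", tokens[2])
    if len(tokens) >= 2 and upper[0] == "USER":    # POP3 USER, followed by PASS
        return ("basic", "POP3 USER/PASS", tokens[1])
    return ("none", None, None)

def accounts_needing_migration(commands):
    """Accounts seen sending a reusable password instead of a token."""
    results = (classify(c) for c in commands)
    return {acct or "<unknown>": mech for cat, mech, acct in results if cat == "basic"}

if __name__ == "__main__":
    for account, mech in accounts_needing_migration(SAMPLE_COMMANDS).items():
        print(f"{account}: still using {mech}")
```

The PLAIN branch shows why the encoding gives no protection: the account name and password come straight back out of the base64 blob, whereas the XOAUTH2 blob holds only a user name and a bearer token.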
Deprecations and EoL announcements
Microsoft also announced the deprecation of the Mail and Calendar apps, encouraging existing users to migrate to the new Outlook for Windows, which offers enhanced security.
Mail and Calendar will remain on the Microsoft Store until December 31, 2024, and after that date, they will no longer be supported.
A "switch to Outlook" toggle will be added to the interfaces of both apps to streamline the migration process for impacted users.
Another deprecation is the 'light' version of the Outlook Web App, which reaches the end of support on August 19, 2024.
This lightweight version was provided for users with older and less capable web browsers. Microsoft is now retiring it due to the heavily degraded experience and lower security standards it adheres to.
Microsoft also announced that, as of June 30, 2024, Outlook.com will no longer allow users to access Gmail accounts. Standalone Outlook clients for Windows and Mac will continue to offer this functionality, though.
Finally, as a side effect of the Cortana deprecation, 'Play My Emails' and 'Voice Search' on Outlook mobile will also be removed at the end of this month.
source: BleepingComputer