Microsoft recently announced that it will begin shutting down its Basic Authentication services on October 1, 2022, forcing customers into the superior protection of Modern Authentication. GadellNet has been working with our clients to migrate to Modern Authentication since mid-2021 in an effort to maximize cybersecurity protection and minimize costs.
Why Switch to Modern Authentication?
Modern Authentication uses OAuth access tokens with a limited lifetime. These tokens cannot be reused to authenticate on any resource other than the one for which they were issued. This significantly reduces the likelihood of a cyberattack.
Why is Microsoft Deprecating Basic Authentication?
There are multiple reasons for moving away from this tool, all stemming from providing the best security solution to customers. Basic Auth is an HTTP-based auth scheme that apps use to send locally stored credentials in plain text to servers, endpoints, or online services. Users of Basic Auth are vulnerable to “man-in-the-middle” attacks, where bad actors capture credentials over the wire, and to password spray attacks, where they guess them. In addition, cybercriminals can steal cleartext credentials from apps using Basic Auth through info-stealing malware and social engineering.
Legacy Authentication email configurations have resulted in hundreds of thousands of Windows domain credentials being leaked in plain text to external domains, according to Guardicore’s AVP of Security Research, Amit Serper. The integration of Basic Authentication with Multi-Factor Authentication (MFA) is also a pain point for organizations. Enabling MFA is overly complicated and often results in setup errors, which makes enforcement difficult. According to the Microsoft Exchange Team, “…Basic Auth is still one of, if not the, most common ways our customers get compromised, and these attacks are increasing.”
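To make the difference between the two schemes concrete, the Python sketch below is an added example (not Microsoft or GadellNet code) showing what a captured Authorization header gives whoever holds it: a Basic header yields the password itself, while a bearer token is refused once it has expired or when it was issued for a different resource. The accounts, URLs, token contents and function names are constructed for illustration, and the sample tokens are unsigned.

```python
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, UNSIGNED JWT-shaped token for this demo only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def inspect_authorization(header: str, expected_aud: str, now: float) -> dict:
    """Report what a captured Authorization header gives whoever holds it."""
    scheme, _, value = header.partition(" ")
    if scheme.lower() == "basic":
        # Base64 is an encoding, not encryption: the password is recoverable
        # and stays usable until the user changes it.
        user, _, password = base64.b64decode(value).decode().partition(":")
        return {"scheme": "basic", "user": user,
                "password_recovered": password != "", "verdict": "replayable"}
    if scheme.lower() == "bearer":
        payload = value.split(".")[1]
        claims = json.loads(
            base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
        # A real resource server verifies the token signature before
        # trusting these claims; that step is omitted in this sketch.
        if claims.get("aud") != expected_aud:
            verdict = "rejected: wrong audience"
        elif claims.get("exp", 0) <= now:
            verdict = "rejected: expired"
        else:
            verdict = "accepted"
        return {"scheme": "bearer", "user": claims.get("sub"),
                "password_recovered": False, "verdict": verdict}
    return {"scheme": scheme.lower(), "verdict": "unsupported"}


# Constructed sample values (not real accounts or endpoints).
NOW = 1_700_000_000
MAIL_API = "https://mail.example.com"
USER = "alice@example.com"
BASIC = "Basic " + base64.b64encode(b"alice@example.com:CorrectHorse1").decode()
GOOD = "Bearer " + make_sample_token({"sub": USER, "aud": MAIL_API, "exp": NOW + 3600})
OTHER = "Bearer " + make_sample_token(
    {"sub": USER, "aud": "https://files.example.com", "exp": NOW + 3600})
STALE = "Bearer " + make_sample_token({"sub": USER, "aud": MAIL_API, "exp": NOW - 60})

if __name__ == "__main__":
    for h in (BASIC, GOOD, OTHER, STALE):
        print(inspect_authorization(h, MAIL_API, NOW))
```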
What Should You Do to Protect Your Organization from Cyberattacks?
For most, transitioning away from Basic Auth should be as simple as removing and re-adding your email account to your mobile device, or switching to Outlook for iOS or Android. GadellNet will be able to assist with workflows that fall outside of that scope, such as printers that scan to email and other automation service accounts that do things like send email reports from your CRM or ERP applications. Reach out to your GadellNet Account Manager to begin the process of moving to Modern Auth. They will take the time to talk through the changes you’ll need to make and schedule time to facilitate the changeover.
If you are not a current GadellNet partner, please review our Microsoft partner services and connect with our team to talk about how we might help protect your organization.
Microsoft will not be shutting off Basic Auth completely on October 1, but they will begin randomly selecting tenants and giving them 7-day warnings. They plan to have Basic Auth deprecated completely by the end of December 2022.