Sign in / up

back to article Microsoft: Watch out for password spray attacks – especially you, Basic Auth

Microsoft is warning Exchange Online users about a rise in password spray attacks, urging those that have yet to disable Basic Authentication to at least set up authentication policies to protect their users and data. In a post this week, Microsoft's Exchange Team said that enterprises still using Basic Authentication are …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. karlkarl Silver badge

    "Basic Auth" is a bad name for industry standards such as imaps and smtps.

    Microsoft is such a deprecated piece of shite.

    5 4 Reply
    1. Dan 55 Silver badge
      Reply Icon
      Thumb Up

      Yup, this is just lock in. IMAP and SMTP can do OAUTH2 just fine.

      And of course Corporate IT will fall for it, if they haven't already.

      5 0 Reply

    2. This post has been deleted by its author

    3. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Basic Auth is not the same as IMAPS/SMTPS you clown. Read up. https://en.wikipedia.org/wiki/Basic_access_authentication

      0 2 Reply
      1. Dan 55 Silver badge
        Reply Icon

        So wrong you posed it twice?

        Read the Microsoft post, if you can find the link to it in the article.

        0 0 Reply
        1. ABC123456
          Reply Icon

          Whether the transport is TLS/SSL protected or not has nothing to do with the auth type being used.

          If you think the S in IMAPS alone means username and password are not being used, you are wrong.

          0 0 Reply
          1. Dan 55 Silver badge
            Reply Icon

            Why would I be thinking that? That is an absurd conclusion to draw. Just read the Microsoft post linked to in the article and the links to further information given below the post. It's lock in - specific clients (all MS bar one) with MS' proprietary protocol.

            0 0 Reply
  2. Anonymous Coward
    Anonymous Coward

    There is an easier solution for Exchange security

    Just don't use it.

    2 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like