back to article Microsoft: Watch out for password spray attacks – especially you, Basic Auth

Microsoft is warning Exchange Online users about a rise in password spray attacks, urging those that have yet to disable Basic Authentication to at least set up authentication policies to protect their users and data. In a post this week, Microsoft's Exchange Team said that enterprises still using Basic Authentication are …

  1. karlkarl Silver badge

    "Basic Auth" is a bad name for industry standards such as imaps and smtps.

    Microsoft is such a deprecated piece of shite.

    1. Dan 55 Silver badge
      Thumb Up

      Yup, this is just lock in. IMAP and SMTP can do OAUTH2 just fine.

      And of course Corporate IT will fall for it, if they haven't already.

    2. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      Basic Auth is not the same as IMAPS/SMTPS you clown. Read up.

      1. Dan 55 Silver badge

        So wrong you posed it twice?

        Read the Microsoft post, if you can find the link to it in the article.

        1. ABC123456

          Whether the transport is TLS/SSL protected or not has nothing to do with the auth type being used.

          If you think the S in IMAPS alone means username and password are not being used, you are wrong.

          1. Dan 55 Silver badge

            Why would I be thinking that? That is an absurd conclusion to draw. Just read the Microsoft post linked to in the article and the links to further information given below the post. It's lock in - specific clients (all MS bar one) with MS' proprietary protocol.

  2. Anonymous Coward
    Anonymous Coward

    There is an easier solution for Exchange security

    Just don't use it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like