Start using Modern Auth now for Exchange Online

The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October. In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted …

  1. steviebuk Silver badge

    Will be a..

    ...fuck up.

    Considering we still have some machines that used Office 2013 that UNDERSTANDS MFA, apparently. Yet, randomly, I'll have one fucking user where Outlook 2013 decides it doesn't understand MFA and will only accept the one time password setup.

    Fix you're fucking MFA setup Microsoft before turning off traditional logins.

    1. Anonymous Coward

      Re: Will be a..

      Since Office 2013 is explicitly no longer supported in Office 365, why are you surprised that things don't work properly?

      1. NeilPost Silver badge

        Re: Will be a..

        Is Office 365/Microsoft 365 ‘Exchange On-line’??

        Methinks not… and that leaves hundreds of millions of domestic and business users no further forward.

        Enabling MFA for my elderly Dad’s iPad to continue receiving his ISP’s ‘free’ e-mail hosted on Office 365 makes me cringe. He still doesn’t remotely understand CAPTCHA by comparison.

      2. steviebuk Silver badge

        Re: Will be a..

        Because it states in its documentation that it understands and is aware of MFA so will work with an MFA account.

        1. Anonymous Coward

          Re: Will be a..

          https://docs.microsoft.com/en-us/deployoffice/endofsupport/microsoft-365-services-connectivity#impact-of-using-older-office-clients-to-connect-to-microsoft-365-services

          As per this link, Office versions older than Office 2016 may experience performance and reliability issues as changes will not be tested on them.

    2. Anonymous Coward

      Re: Will be a..

      your*

  2. Anonymous Coward

    Hello trackers, now MS knows more accurately where you are

    I have worked in various companies that use Microsoft based authentication, and from what I have seen you have to invest WAY too much trust in Microsoft - the amount of data hauled to Redmond with every single transaction under the banner "authentication" is shocking.

    With this move, Microsoft adds mobile tracking to its already considerable data haul (I'm betting GPS location will at some point be folded in as a mandatory extra "security" measure) - of course, the US government and its plethora of agencies will promise never to attempt using that, right?

    Right?

    1. katrinab Silver badge
      Black Helicopters

      Re: Hello trackers, now MS knows more accurately where you are

      It already is.

      At any rate, reading emails while on holiday is a challenge as the account invariably gets locked out because I logged in from an unusual location.

      1. TonyJ

        Re: Hello trackers, now MS knows more accurately where you are

        "...At any rate, reading emails while on holiday is a challenge as the account invariably gets locked out because I logged in from an unusual location..."

        Good. Do yourself a favour and stop reading work emails on holiday. There is rarely, if ever, anything of such importance that it won't wait until you return.

        It's your time off. Your time to unwind.

        Always remember this little mantra: "If you drop dead tomorrow, the company you work for will have replaced you within a couple of weeks. Your family will be impacted forever."

        I've posted before, but I point blank refuse to work beyond my contracted hours (except for the occasional, pre-planned requirement, or for say a P1 incident that affects me/my team). I've said that now for around the last 13/14 years.

        Weekends are family time. Evenings are family time.

        1. Roland6 Silver badge

          Re: Hello trackers, now MS knows more accurately where you are

          >Good. Do yourself a favour and stop reading work emails on holiday.

          Some people have managed to have separate work and personal email accounts.

          With so much stuff going "digital" you need a working email box so you can receive the e-tickets etc. you need to gain admission to trains, planes, hotels, theatres, attractions ...

          You might say you can use "the app", but it is surprising how many apps decide you need to reconfirm your security by sending an email to which you are expected to respond within an hour or so...

          1. TonyJ

            Re: Hello trackers, now MS knows more accurately where you are

            Or - and I know it's old school but you can print things out as a backup. And take screenshots of e.g. QR codes on your phone so they work offline.

            I am yet to check onto a flight or into a venue that requires an *online* version of anything.

            You can always, you know, try to plan ahead a little.

            1. Roland6 Silver badge

              Re: Hello trackers, now MS knows more accurately where you are

              >I am yet to check onto a flight or into a venue that requires an *online* version of anything.

              Yes it is lovely when everything works and goes according to plan, but then the real world impinges...

              >You can always, you know, try to plan ahead a little.

              Obviously don't have teenagers, but in general, people don't plan ahead in the way you suggest and to the extent, we did 10~20 years back - they have bought the advertising that mobile is available everywhere and that the Internet just works - and the app will have downloaded the QR code and not require an online connection to re-authenticate you to permit display...

              I like email clients that download messages and don't require a network connection to load and view the (previously sync'd) inbox, however, that now increasingly seems to be old school...

    2. steviebuk Silver badge

      Re: Hello trackers, now MS knows more accurately where you are

      Amazon I think already do the GPS location. I was just at one of their lockers that wouldn't connect to the fucking phone over BLUETOOTH, cause I had the VPN connected.

  3. Pascal Monett Silver badge
    Coat

    "it essentially hardens all email users who rely on Microsoft Exchange Online"

    Great.

    Unfortunately, they're still using Exchange.

    1. Halfmad

      Re: "it essentially hardens all email users who rely on Microsoft Exchange Online"

      Don't forget it also encourages them to adopt other related products to secure their Microsoft Exchange Online.

  4. CJ_C
    Unhappy

    IMAP and SMTP Support

    I am dependent on these. Are they going to end? MS already making them harder. I have had to give up on Gmail.

    When I log into a new wifi, MS warns, but now having travelled to unsafe France, my accounts were suspended. Embarrassing when try to access flight tickets...

    Do I need to transition? If so to what? Needs to work with UBports and conventional Linux

    1. Paul Crawford Silver badge

      Re: IMAP and SMTP Support

      One reason I normally use a VPN is for the consistent end point IP address to reduce this stupidity.

      But then many sites piss me off with CAPTCHAs as they see a lot of 'unusual traffic', so typically I boycott them if possible.

  5. Will Godfrey Silver badge
    Facepalm

    The whole thing is a worsening nightmare

    The authentication 'experts' must all live in big city cocoons. Having a phone as part of the authentication is crazy. I can't rely on being able to authenticate when using a venue's internet just outside London (or sometimes even inside) if there is no phone service.

    Also, for years I could get by with a credit card and just a few pounds in cash. Now I have to take a wodge of cash, again in case there's no phone access for card authorisation.

    Even if all that is good. It's still not secure. It's not the phone that's the ID it's the information held on the SIM... which can be faked.

    1. TonyJ

      Re: The whole thing is a worsening nightmare

      Genuine question - I've had a lot of prompts to prove it's me when buying online, which you expect but I've never had to approve a transaction made in person yet. Is it something that is common now?

      I have previously used MS Authenticator on a phone without a SIM in it, just a WiFi connection. Happy to stand corrected though, as that was a while ago now.

      I do know that my Barclays app used to shit itself on dual-SIM phones so I can well believe MS Authenticator IS tied into the SIM now.

      1. Spanners Silver badge
        Happy

        Re: The whole thing is a worsening nightmare

        >I do know that my Barclays app used to shit itself on dual-SIM phones so I can well believe MS Authenticator IS tied into the SIM now.

        No problem for me. I have a work SIM and my own, in my Huawei phone. Barclays does not care and never has a problem. Is it that my phone is less accessible to US spooks?

    2. Tom 38

      Re: The whole thing is a worsening nightmare

      Phone is literally the worst MFA device. Just get everyone a hardware U2F/FIDO2 token with NFC, it works for every MFA application you'll need.

      Well, except for my bank, which as I re-read your post, is the target of your ire. Banks' MFA is bonkers anyway, the factors should be independent, whereas your card and your phone are both "something I have". HSBC's process these days allows for the app to generate OTP without any network access, so you aren't reliant on an SMS message to get your approval token.

      However, per TFA, hardware keys are the best thing for MFA for websites or services on your PC or phone. I even keep my SSH and GPG keys on them.

      1. Clausewitz4.0 Bronze badge
        Devil

        Re: The whole thing is a worsening nightmare

        I totally agree with you. A FIDO/U2F or an RSA SecurID-like solution is the best MFA, provided the seeds are secured, and replacements can be made once/if they are compromised.

      2. stiine Silver badge
        Flame

        Re: The whole thing is a worsening nightmare

        I don't want any of them to know that I have a phone because it's none of their business and I don't want anyone to link all of my logins to a single 2fa dongle. That means I have to have a non-USB one, actually I need one for each service because I don't want someone to find/take my 2fa dongle and then work backwards to find my accounts and my locations when accessing those accounts.

        The convenience isn't worth it to me. Just give me a 128 character password limit and I'll be safe.

    3. CJ_C

      Re: The whole thing is a worsening nightmare

      The first embarrassment on this holiday was booking new flight after the first was cancelled. No mobile data so logged into the wifi. MS bleated but safe UK so did not suspend. Ordered tickets. Bank wanted verification. Was too slow realising why no txt, so bank froze account...

      Was able to get tickets later, but this is all getting too hard for me.

      1. Paul Crawford Silver badge

        Re: The whole thing is a worsening nightmare

        Get an email account with someone competent and not looking to rape your privacy like MS and Google.

        Even Yahoo! is better these days, they do insist on a generated token for login to get round P4 (piss-poor-password-practice) but sadly I have to report the purple palace now is easier and more reliable than Gmail/MS for simple POP/SMTP email access from Thunderbird.

        1. Anonymous Coward

          Re: The whole thing is a worsening nightmare

          If you don't mind paying $99 a year for a decent email service, check out hey.com

          1. Roland6 Silver badge

            Re: The whole thing is a worsening nightmare

            Funnily enough, I've been paying circa £7 pcm (£84 pa) since the late 1980's for an email service (and some other services now little used) from a small UK-based provider. The surprising thing is despite some changes in ownership, the service is still running and I've not had to change my email address in all that time.

            So I would agree for circa $/£ 100 a year you should be able to get a decent email service, from a dedicated provider.

  6. karlkarl Silver badge

    For people who like actual standards...

    For people wanting to continue to use real standards such as POP, IMAP and SMTP, do check out DavMail:

    http://davmail.sourceforge.net/

    IRC users will be familiar with the concept. It basically acts as a proxy / bridge between the internet standards and the nonsense proprietary bullsh*t that idiots tend to force on the industry.
