The Future is Passwordless: Exchange Online is Spearheading the Change
(Password) Changes are in the Air
As technology advances and businesses accelerate their adoption of the cloud, Software developers double down on their “out with the old, in with the new” attitude.
One of the biggest drivers of change is security - especially passwords. According to Microsoft, there were 921 password attacks every second in 2022 — almost double the frequency in 2021. The adjusted losses for these password hacks were nearly $2.4 billion.
Passwords are incredibly easy for hackers to compromise, especially since most users experience password fatigue. Let’s face it — creating and remembering passwords with numbers, special characters, and upper-/lower-case password requirements can be a headache. As a result, people start reusing and rotating passwords. Although a vast majority of people understand that this practice is a risk (91%), more than half (59%) admit to practicing this password-management technique anyway.
The future of passwords is a world in which there aren’t any. About 93% of IT leaders have reported that they will “likely” adopt passwordless authentication or modern authentication. Modern authentication is a method that doesn’t rely on a knowledge-based or a static password for access. Instead, it uses other authentication factors like biometric traits (facial scans and/or fingerprints) or a possession factor (a hardware token, OTP, or mobile authenticator app).
Password Changes for Microsoft Exchange Online
Microsoft is taking a modern authentication mainstream. As of October 1, 2022, Microsoft has removed the ability to use basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB) as well as Outlook for Windows and Mac. SMTP AUTH in all tenants will also be disabled.
Microsoft first announced its transition to modern authentication in 2019. Since then, there have been multiple messages from the company about this upcoming change.
“Since our first announcement nearly three years ago, we’ve seen millions of users move away from basic auth, and we’ve disabled it in millions of tenants to proactively protect them,” Microsoft wrote in the Exchange Online blog.
“We’re not done yet though, and unfortunately usage isn’t yet at zero. Despite that, we will start to turn off basic auth for several protocols for tenants not previously disabled.”
How Will Modern Auth Affect You?
If you’re an organization that heeded the warnings of that October 1st Exchange Online basic auth shutdown, you’re good to go. If you opted for the three-month delay offered by Microsoft, you have until January 1, 2023, to get your ducks in a row.
The self-service diagnostic can help you temporarily re-enable a protocol’s basic auth that has been turned off. It can also help you request exclusion in Microsoft’s proactive protective expansion program; however, you can only re-enable it until the end of 2022.
To re-enable, follow these steps:
- Sign into your O365 portal.
Choose Help & Support.
Enter “Diag: Enable Basic Auth in EXO”, then click Run Tests.
Check the protocol to re-enable, then acknowledge the settings change. Click Update.
Need Help? Contact Trusted Tech Team
Changing to any program can be stressful and confusing. If you need help with this continuing update to Microsoft Exchange Online password protocols, you can contact Trusted Tech Team via Email, phone, or chat.
Subscribe to the Trusted Tech Team Blog
Get the latest posts delivered right to your inbox