Microsoft Basic Auth is Going Away — Are You Prepared?

On October 1st, Microsoft will be retiring a security protocol that, while considered quite old by today’s security standards, is still an integral piece of many businesses’ workflows. This security protocol, known as ‘basic authentication’ or ‘basic auth,’ is a soon-to-be antiquated method of signing into one’s email account. It lacks many of the security features that modern security provides, like two factor authentication and other critical safeguards.

On October 1st 2022, Microsoft basic authentication will be immediately and permanently discontinued, leaving many automated workflows at risk of malfunctioning. The good news, however, is that there’s still time for you to upgrade your security and prevent workflow disruption and/or unavoidable downtime. In this article, we’ll walk you through what Microsoft basic auth is, why it’s going away, and why and how you should migrate away from it.

What is Microsoft Basic Authentication?

Simply put, Microsoft basic authentication is an old protocol for logging into one’s email and other online services. It’s an aging holdout from the early days of email — instead of a full suite of two-factor authentication, modern encryption and the like, Microsoft basic auth hails from the days when all you needed to sign in was a username and a password.

Basic auth was deemed acceptable back during its heyday, but as security needs grew and hackers became more adept at hacking, most moved on to better security protocols. Today, this legacy authentication method is not only soon to be discontinued, but vulnerable to all sorts of potential attacks from hackers and other data thieves.

One such attack is known as “password spraying,” where an attacker ‘sprays’ hundreds or thousands of the nation’s most popular passwords at every email address on your network, in the hopes that just one of those passwords will unlock just one of those email addresses.

In other words, if one of your employees has “Password12345!” as their password, they’re almost guaranteed to be compromised in the event of a password-spraying attack. Once a hacker does compromise an email, they’ve got their foothold inside your network — and there’s no telling what they’ll do next.

You may currently be using basic authentication in Exchange online, Microsoft’s biggest service that uses basic authentication.

How Do I Know if I’m Using Basic Auth?

Fortunately, Microsoft has made it easy to determine whether or not your business is stuck on basic auth or not.

When logging in to Exchange or other online service from the company, you should see a plain white box with the Microsoft logo in the top left. This box should prompt you for an email, phone number, or Skype username. This is a modern authentication-enabled box, and they all look identical — and that’s by design.

Contrast this with a basic authentication box, which does not have a modern Microsoft logo present anywhere in the login box. It may also present you with a username and password box at the same time — modern authentication does not do this. It instead has you enter in your email/phone/username, then plays a transition, then asks you for your password on that same line.

Why Microsoft Basic Auth is Being Discontinued

As mentioned above, business security needs have evolved significantly since the early days of email. Microsoft recognizes that basic authentication will only continue to degrade and deprecate as time goes on, and so, decades after its introduction, they have finally began the process of discontinuing it. Basic auth is simply not cut out for the future — technology and bad actors have simply become too advanced for it to handle.

Microsoft would also prefer that their users enable their more modern authentication and security features, the aforementioned two factor authentication being the biggest example.

Why You Should Migrate Away From Basic Authentication

Simply put, migrating away from and disabling Microsoft basic auth will not only protect your emails and network, but will prevent the sudden malfunctioning of your business’s automated email workflow.

If your business relies on certain applications that make heavy use of emails, like Quickbooks, Salesforce, Mailchimp and others, those applications’ workflow integrations will likely stop working come October 1st if they use basic auth.

This can potentially cause major disruptions in your workflow and thereby majorly disrupt your business. If, for instance, you are sending out engagement or reminder emails to your client base via Mailchimp or Constant Contact, Microsoft basic auth’s discontinuation will stop all of these emails from going out indefinitely, until you upgrade your security.

Additionally, if you have a website that features an interactive form, and your website uses Microsoft basic auth to send out emails, that form may stop notifying you when someone fills it out. In a worst-case scenario, questions, comments, and leads gathered via that form may be lost if the Microsoft email these forms are being sent to still uses basic auth after October 1st.

How to Upgrade to Modern Authentication

The only way to purge Microsoft basic auth from your network is to sign out of any email, website, application, etc. that still uses it, and to swap it out with Microsoft’s modern equivalent.

While this is a relatively simple process for simple or very small firms, you may find it difficult or confusing if yours is a large business. In those cases, we recommend professional migration help. This way, you can rest assured that your business’s security is up-to-date, and that your workflow will not encounter any sort of downtime or unexpected interruptions.

In the greater Denver area, get in touch with us at Complete Business Systems to upgrade your security now. With decades of experience in business technology, there is no one else more prepared to rid your business of basic authentication than CBS.