Microsoft: Watch out for password spray attacks – especially you, Basic Auth
2022-10-04 16:15

Microsoft is warning Exchange Online users about a rise in password spray attacks, urging those that have yet to disable Basic Authentication to at least set up authentication policies to protect their users and data.

For three years, Microsoft has been weaning popular software offerings like Outlook Desktop and Outlook Mobile App off Basic Auth in favor of more secure user authentication methods.

Millions of users have moved away from Basic Auth to Modern Auth over those three years and Microsoft has disabled it in millions of tenants, according to the company.

These customers will have to face identity attacks using Basic Auth.

To combat this, Microsoft is recommending that organizations still using Basic Auth set up Exchange Online Authentication Policies, which ensure that Basic Auth works only for the accounts the organization knows should be using it, and only with specific protocols.
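
One way to set up such policies with the Exchange Online PowerShell module, as an added example that is not from Microsoft's advisory or the original article: it blocks Basic Auth by default and allows it for one protocol on named accounts. The policy names, the choice of IMAP and the `contoso.example` addresses are placeholders.

```powershell
# Added example. Policy names and mailbox addresses are placeholders;
# replace them with the accounts your organization has confirmed still
# need Basic Auth.
Connect-ExchangeOnline

# 1. Default-deny policy. A new authentication policy blocks Basic Auth
#    for every protocol unless an -AllowBasicAuth* switch is given.
New-AuthenticationPolicy -Name 'Block Basic Auth'

# 2. Exception policy: Basic Auth permitted for IMAP only (assumed here
#    to be the one protocol a legacy client still requires).
New-AuthenticationPolicy -Name 'Allow Basic Auth IMAP Only' -AllowBasicAuthImap

# 3. Attach the exception policy to the known accounts only.
$exceptions = @('scanner@contoso.example', 'legacy-app@contoso.example')
foreach ($upn in $exceptions) {
    Set-User -Identity $upn -AuthenticationPolicy 'Allow Basic Auth IMAP Only'
}

# 4. Every other account inherits the blocking policy as the tenant default.
Set-OrganizationConfig -DefaultAuthenticationPolicy 'Block Basic Auth'

# 5. Review: confirm what each policy allows, then list the accounts that
#    carry an explicit (non-default) policy so the exception list stays short.
Get-AuthenticationPolicy | Format-List Name, AllowBasicAuth*

Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy } |
    Sort-Object AuthenticationPolicy |
    Select-Object UserPrincipalName, AuthenticationPolicy
```

Accounts without an explicit policy fall under the tenant default, so a password spray against them over Basic Auth is rejected before the password is evaluated.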

Microsoft initially expected to disable all use of Basic Auth before the end of the year, but knew that despite the warnings, there were still many that continued to use the legacy authentication method.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/04/microsoft_exchange_password_spray/