Microsoft Exchange Online Users Face a Key Security Deadline Saturday

Microsoft is about to eliminate a method for logging into its Exchange Online email service that is widely considered vulnerable and outdated, but that some businesses still rely upon. From a report: The company has said that as of Oct. 1, it will begin to disable what's known as 'basic authentication' for customers that continue to use the system. Basic authentication typically requires only a username and password for login; the system does not play well with multifactor authentication and is prone to a host of other heightened security risks. Microsoft has said that for several types of common password-based threats, attackers almost exclusively target accounts that use basic authentication. At identity platform Okta, which manages logins for a large number of Microsoft Office 365 accounts, 'we've seen these problems for years,' said Todd McKinnon, co-founder and CEO of Okta. 'When we block a threat, nine times out of 10 it's against a Microsoft account that has basic authentication. So we think this is a great thing.' Microsoft has been seeking to prod businesses to move off basic authentication for the past three years, but 'unfortunately usage isn't yet at zero,' it said in a post earlier this month.

Read more of this story at Slashdot.