IT Alert: Microsoft Permanently Disabling Basic Authentication

Aug 08, 2022

What Does This Mean?

Effective October 1, 2022, Microsoft will permanently disable Basic Authentication (Basic Auth) due to security concerns and outdated technology. The planned replacement is called none other than, Modern Authentication (Modern Auth). So, what does this mean for your organization?

Basic Authentication & Security Issues

Basic Auth simply means an application sends usernames and passwords over the Internet as encoded text. These credentials are also often stored or saved on the device.

While the credentials are encoded, meaning converted to characters or symbols, this form of authentication can expose usernames and passwords. Hackers may intercept the transmission, decoding and stealing the information. Since Microsoft announced its disablement of Basic Auth in September of last year there has been a notable spike in high-level attacks by cybercriminals. According to Microsoft, “As a reminder, Basic Auth is still one of, if not the most common ways our customers get compromised, and these types of attacks are increasing. Every day [you have] Basic Auth enabled; you are at risk from attack.”

Furthermore, Basic Auth does not support multi-factor authentication (MFA) which is the best protection against cyber-attack and is now required under Presidential order 14028. To learn more about MFA, check out our previous blog here.

Modern Authentication

Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, your laptop or your phone) and a server. With Modern Auth comes additional security features like MFA, smart cards, etc. Modern authentication doesn’t let apps save account credentials and is better designed for Internet-scale and management.

Next Steps

If your organization has not begun the transition to Modern Authentication, it is mission-critical that you begin doing so now.

The US Cybersecurity and Infrastructure Security Agency (CISA) is strongly encouraging organizations to make the move immediately and to enable multifactor authentication.

WVC Technologies can assist you in this transition. Our partner, DMC Technology group and their certified team of technicians can walk you and your team through the process.

Connect With Us.

Greg Gomach

Greg Gomach
Senior Client Executive
Greg.Gomach@dmctechgroup.com

Categories: Risk Services