Microsoft has announced that, as of 16 September 2024, basic authentication (using an email address + password) will no longer be an option for personal Microsoft accounts, i.e. Outlook.com, Hotmail.co.uk and Live.com.
Microsoft: New Outlook security changes coming to personal accounts (bleepingcomputer.com)
To access these accounts, users will need to set up an authenticator app so that MFA stands between them and the threat actors. This removes a huge set of cyber security vulnerabilities, such as brute force attacks on weak passwords, the reuse of passwords by the user, insecure transmission of password data and even writing the password on a bit of paper by the computer.
Your takeaway
What we need Microsoft to do is make this the standard for Microsoft 365 accounts.
Do you have a comprehensive, enforced password, MFA and credentials policy?
Clive Catton MSc (Cyber Security) – by-line and other articles