Richard42233 (Copper Contributor)
Jan 05, 2022
Outlook app password security
Hi
Currently experiencing some brute force attacks. I have concerns about the app password that is used by the desktop version of Outlook as this bypasses the MFA process. I have seen articles where this weakness was exploited. Is there a way this can be made more secure? Any suggestions would be appreciated.
Thanks in advance
- The way to make it more secure is to completely disable app passwords 🙂 It's 2022, Office apps have supported Modern authentication for half a decade now, even third-party apps such as Apple's Mail one support it. There is no reason to be using app passwords anymore.
- David_Caddick (Brass Contributor): This is still listed under the legacy MFA console - 😞
How can we identify when/where App Passwords are in use? Cause this is needed to understand any potential impact before disabling
- oliver_m (Copper Contributor):
afaik, there is no list of where the app passwords are used.
In the sign-in logs of Azure Active Directory you can show the columns "Client app" and set the filter to the "Legacy Authentication Client".
All legacy authentications of every user and application are now displayed. 
- Richard42233 (Copper Contributor): Thanks for replying Vasil.
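
The "Client app" filter described in the reply above can also be applied offline to exported sign-in records, to see which accounts still sign in through legacy clients before anything is disabled. This is an added example, not part of the original thread; it assumes records shaped like the Microsoft Graph `signIn` resource (`userPrincipalName`, `clientAppUsed`, `ipAddress`, `status.errorCode`), and the sample data and function names are constructed for illustration.

```python
import json

# Client-app values reported for modern authentication; any other value is
# what the portal groups under its legacy authentication client filter.
MODERN_CLIENTS = {"browser", "mobile apps and desktop clients"}

# Constructed sample records (assumed shape: Microsoft Graph signIn resource).
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "IMAP4",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"userPrincipalName": "Alice@example.com", "clientAppUsed": "IMAP4",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com",
     "clientAppUsed": "Mobile Apps and Desktop clients",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Authenticated SMTP",
     "ipAddress": "192.0.2.44", "status": {"errorCode": 50126}},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Authenticated SMTP",
     "ipAddress": "192.0.2.45", "status": {"errorCode": 50126}},
])

def is_legacy(record):
    """True when the sign-in used a client app outside the modern-auth set."""
    client = (record.get("clientAppUsed") or "").strip().lower()
    return bool(client) and client not in MODERN_CLIENTS

def summarize_legacy(records):
    """Count legacy sign-ins per (user, client app), split by outcome."""
    summary = {}
    for rec in records:
        if not is_legacy(rec):
            continue
        key = (rec["userPrincipalName"].lower(), rec["clientAppUsed"])
        entry = summary.setdefault(key, {"success": 0, "failure": 0, "ips": set()})
        succeeded = (rec.get("status") or {}).get("errorCode") == 0
        entry["success" if succeeded else "failure"] += 1
        entry["ips"].add(rec.get("ipAddress"))
    return summary

def users_still_using_legacy(summary):
    """Users with at least one successful legacy sign-in (would be affected)."""
    return sorted({user for (user, _), e in summary.items() if e["success"]})

if __name__ == "__main__":
    result = summarize_legacy(json.loads(SAMPLE_EXPORT))
    for (user, client), e in sorted(result.items()):
        print(user, client, e["success"], e["failure"], sorted(e["ips"]))
    print("affected:", users_still_using_legacy(result))
```

Successful legacy sign-ins show who would be affected by disabling app passwords, while accounts with only failures from several addresses are the ones to check against the brute-force activity.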