Richard42233
Copper Contributor
Jan 05, 2022

Outlook app password security

Hi 

Currently experiencing some brute force attacks. I have concerns about the app password that is used by the desktop version of Outlook, as this bypasses the MFA process. I have seen articles where this weakness was exploited. Is there a way this can be made more secure? Any suggestions would be appreciated.

Thanks in advance

  • The way to make it more secure is to completely disable app passwords 🙂 It's 2022, Office apps have supported Modern authentication for half a decade now, even third-party apps such as Apple's Mail one support it. There is no reason to be using app passwords anymore.
    • David_Caddick
      Brass Contributor
      This is still listed under the legacy MFA console - 😞
      How can we identify when/where App Passwords are in use? Because this is needed to understand any potential impact before disabling.
      • oliver_m
        Copper Contributor

        David_Caddick 

        AFAIK, there is no list of where the app passwords are used.
        In the sign-in logs of Azure Active Directory you can show the column "Client app" and set the filter to "Legacy Authentication Client".
        All legacy authentications of every user and application are now displayed.
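
The sign-in log filter described in the reply above can also be applied offline to an exported copy of the log, to see which accounts still sign in successfully over legacy clients before anything is disabled. This is an added example, not code from the thread or from Microsoft; it assumes records shaped like the Microsoft Graph `signIn` resource (`clientAppUsed`, `userPrincipalName`, `status.errorCode`), and it assumes that every client app value other than the two modern ones listed in the code counts as legacy.

```python
import json
from collections import defaultdict

# Assumption: these two client app values denote modern authentication;
# any other non-empty value is counted as a legacy authentication client.
MODERN_CLIENT_APPS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample records (not real log data), shaped like Graph signIn objects.
SAMPLE_EXPORT = json.dumps([
    {"createdDateTime": "2022-01-04T08:15:00Z", "userPrincipalName": "alice@example.com",
     "clientAppUsed": "IMAP4", "ipAddress": "192.0.2.10", "status": {"errorCode": 0}},
    {"createdDateTime": "2022-01-05T09:30:00Z", "userPrincipalName": "Alice@example.com",
     "clientAppUsed": "IMAP4", "ipAddress": "192.0.2.10", "status": {"errorCode": 0}},
    {"createdDateTime": "2022-01-05T02:01:00Z", "userPrincipalName": "bob@example.com",
     "clientAppUsed": "Authenticated SMTP", "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}},
    {"createdDateTime": "2022-01-05T02:02:00Z", "userPrincipalName": "bob@example.com",
     "clientAppUsed": "Authenticated SMTP", "ipAddress": "198.51.100.8", "status": {"errorCode": 50126}},
    {"createdDateTime": "2022-01-05T10:00:00Z", "userPrincipalName": "bob@example.com",
     "clientAppUsed": "Mobile Apps and Desktop clients", "ipAddress": "192.0.2.20", "status": {"errorCode": 0}},
])

def summarize_legacy_signins(records):
    """Group legacy-auth sign-ins by (user, client app) with success/failure counts."""
    summary = defaultdict(lambda: {"success": 0, "failure": 0, "ips": set(), "last_seen": ""})
    for rec in records:
        client = (rec.get("clientAppUsed") or "").strip()
        if not client or client in MODERN_CLIENT_APPS:
            continue  # modern authentication or no client information
        user = (rec.get("userPrincipalName") or "unknown").lower()
        entry = summary[(user, client)]
        # errorCode 0 means the sign-in succeeded; anything else is a failure.
        ok = (rec.get("status") or {}).get("errorCode") == 0
        entry["success" if ok else "failure"] += 1
        if rec.get("ipAddress"):
            entry["ips"].add(rec["ipAddress"])
        # ISO 8601 UTC timestamps compare correctly as strings.
        entry["last_seen"] = max(entry["last_seen"], rec.get("createdDateTime") or "")
    return dict(summary)

def in_use(summary):
    """(user, client app) pairs with at least one successful legacy sign-in."""
    return sorted(key for key, val in summary.items() if val["success"] > 0)

if __name__ == "__main__":
    result = summarize_legacy_signins(json.loads(SAMPLE_EXPORT))
    for (user, client), v in sorted(result.items()):
        print(user, client, v["success"], v["failure"], sorted(v["ips"]), v["last_seen"])
```

Pairs returned by `in_use` are the ones that would break when legacy authentication is disabled; pairs with only failures are more likely password-guessing traffic than real usage.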
