Forum Discussion

Richard42233's avatar
Richard42233
Copper Contributor
Jan 05, 2022

Outlook app password security

Hi  Currently experiencing some brute force attacks. I have concerns about the app password that is used by the desktop version of outlook as this bypasses the MFA process. I have seen articles wher...
email security
VasilMichev's avatar
VasilMichev
MVP
Jan 06, 2022
The way to make it more secure is to completely disable app passwords 🙂 It's 2022, Office apps have supported Modern authentication for half a decade now, even third-party apps such as Apple's Mail one support it. There is no reason to be using app passwords anymore.
  • David_Caddick's avatar
    David_Caddick
    Brass Contributor
    Jan 11, 2022
    This is still listed under the legacy MFA console - 😞
    How can we identify when/where App Passwords are in use? Cause this is needed to understand any potential impact before disabling
    • oliver_m's avatar
      oliver_m
      MCT
      Jan 11, 2022

      David_Caddick 

      afaik, there is no list of where the app passwords are used.
      In the sign-in logs of Azure Active Directory you can show the columns "Client app" and set the filter to the "Legacy Authentication Client".
      All legacy authentications of every user and application are now displayed.

       

      • Richard42233's avatar
        Richard42233
        Copper Contributor
        Jan 11, 2022
        Thanks thats useful to know
  • Richard42233's avatar
    Richard42233
    Copper Contributor
    Jan 06, 2022
    Thanks for replying Vasil.

Resources