Wednesday, 17 Jul 2024

The Demise of IMAP for Microsoft Users

the imap server doesn't support password authentication

Note: Deferred end of support date “In response to the unprecedented situation we are in and knowing that priorities have changed for many of our customers we have decided to postpone retiring Basic Authentication in Exchange Online (MC204828) for those tenants still actively using it until the second half of 2021. We will provide a more precise date when we have a better understanding of the impact of the situation.” – Microsoft

No worries, Missive still supports Office 365, Outlook, and IMAP. 😅

On October 13th, 2020, Microsoft will stop supporting username and password authentication for the IMAP and POP3 protocols.

In simple terms, any email application that currently connects to Microsoft email servers using IMAP or POP3 (Basic Authentication) will no longer function.

Basic Authentication refers to the method by which an application passes the username and password of a user. However, this method can be insecure, particularly when third-party involvement is required and user credentials must be stored for authentication purposes.

To address this issue, Microsoft introduced Modern Authentication, based on the OAuth 2.0 authentication method. Rather than sharing passwords, Modern Authentication uses authorization tokens, acting as temporary passwords, to verify the identity between users and service providers.

Tham Khảo Thêm:  P2Pe vs E2EE: Which Encryption Standard Should You Choose?

The advantage of this approach is that applications connecting to your Microsoft account will never receive your actual password. Additionally, you have the ability to revoke access to these applications directly from your Microsoft account, enhancing security.

However, the deprecation of Basic Authentication by Microsoft poses a major challenge for email clients that solely support the IMAP/POP3 protocols. Effective October 13th, 2020, the only way for email clients to sync with Microsoft accounts will be through the implementation of the proprietary Outlook REST API or the Exchange protocol.

While the IMAP protocol technically supports OAuth 2.0 authentication through an extension (similar to how Gmail works), Microsoft is unlikely to support this extension in a timely manner. Although incoming support has been announced, no estimated time of arrival (ETA) has been provided:

“To make it easier to migrate your existing applications to use OAuth 2.0, we are making significant investments to our service that include OAuth 2.0 support for POP, IMAP, and background application support for Remote PowerShell MFA module. We will be sharing more information on these new features over the coming months.”

Fortunately, this change does not affect our users. Our syncing engine now supports Modern Authentication via the Outlook REST API. As a cloud-based email client, the elimination of the need to store and encrypt user passwords represents a significant improvement. However, it is disappointing that Microsoft did not initially offer IMAP connections with the OAuth 2.0 extension.

In conclusion, while the death of IMAP for Microsoft users poses challenges for certain email clients, rest assured that Missive continues to provide full support for Office 365, Outlook, and IMAP. Stay connected with confidence!

Tham Khảo Thêm:  Protecting Your Personal Information from the Dark Web