Users of Microsoft email domains new security requirements for email program login starting 16 September, 2024

[dogcat]

If you have an Outlook.com, Hotmail or Live.com email address the following will apply.

Microsoft says:
Update your sign-in technology before September 16th, 2024 to maintain email access.

The safety and security of your information is top priority for Microsoft. To help keep your account secure, Microsoft will no longer support the use of third-party email and calendar apps which ask you to sign in with only your Microsoft Account username and password. To keep you safe you will need to use a mail or calendar app which supports Microsoft’s modern authentication methods. If you do not act, your third-party email apps will no longer be able to access your Outlook.com, Hotmail or Live.com email address on September 16th.

What do you need to do?
If you are receiving this email, you are currently using an email or calendar app that uses a less secure authentication method to connect to your Outlook.com email account. You will need to upgrade your third-party mail and calendar app to a version which supports modern authentication methods.

Microsoft provides free versions of Outlook for your PC, Mac, iOS, and Android devices which can be easily downloaded and connect to your email account. Using an updated version of an Outlook application will ensure you are connecting in the most secure way.

How can you set up your Gmail, Apple Mail, or other third-party mail application?
Various non-Microsoft applications will have their own steps for connecting to your Outlook.com email account using modern authentication methods. See our help article - Modern Authentication Methods now needed to continue syncing Outlook Email in non-Microsoft email apps. However, you may need to contact the creators of those applications to provide you with instructions. In many cases, simply removing and re-adding your account with the latest version of that application will configure it to use modern authentication methods.

[wiak]

I'm pretty simplistic in my 'security' behaviours and in that simplicity find anything beyond username plus passwords confusing, annoying, difficult. I end up locked out of many of my accounts because one account asks me to read email sent to another account and the other account says I need to receive an SMS message at a phone number I no longer have, and so on... I end up crazy and without access to many of my most important cloud accounts. This can include github, but not so far, gitlab...

Is it only me that has such problems. If so, then I worry I become indeed locked into the dark ages of yesterday whilst the world has moved on to such an extent that even my basic understanding of certificates and authentication has become too simplistic to be usefully applied. Username plus password only PLEASE

[rockedge]

Username plus password only PLEASE

The owncloud cloud server I run and you have access too is only a password away. I could go crazy with all the double triple identity verification BUT the reality is and facts are, that the really dangerous hackers go right through or around these procedures. Only us, the normal user, regular guys get screwed. So I will keep it password only as long as possible. Because what @wiak describes goes for me as well.

The truth is the extra security keeps more legitimate users locked out than it does bad actors.

[mikewalsh]

Is it only me that has such problems. If so, then I worry I become indeed locked into the dark ages of yesterday whilst the world has moved on to such an extent that even my basic understanding of certificates and authentication has become too simplistic to be usefully applied. Username plus password only PLEASE

@wiak :-

Nah, you're not the only one, Will. Not by a LONG chalk, mate. The interwoven web organizations have created of not only 2nd- (and in some cases, even 3rd-level) verifications and cross-platform corroborations is, frankly, becoming ridiculous. Yet MyCrudSoft's attitude is no different to that of Big Brother Google. Last year, everyone with a Google a/c - regardless of how long they'd held it, OR how "loyal" a user they were - had 2FA rammed down our throats whether we wanted it or not. No choice, no 'opt-out'. Refuse 2FA, and your a/c would be closed on short notice without appeal. Stat. But that's Big Bruvva all over; as a long-time Google user, you get used to the broken promises..!

(Much as I dislike M$, I will give 'em one thing. They usually drag things out way longer than you'd often expect, before finally, almost reluctantly implementing drastic changes like that. Policy with regard to the OS is one thing, but with customer support the shoe does seem to be on the other foot....)

As it happens, I'd decided to try out 2FA about a month before I got the email about it, so at least I'd had the time to set it all up on my OWN terms, along with having a wee while to get the hang of how it would change things going forward...

It's the way the world's heading, I'm afraid.

Mike.

[mouldy]

Yea I had a Hotmail account way back before M$ bought out Hotmail. Anything M$ touches turns to crap. It became spam city and I abandoned it. They may stopped letting me use pop3 cant remember. I know lot of the services hated pop3 cause it let people avoid viewing the ads on email website.

But yea Google is no better. They locked me out of my old Gmail account cause I refused to provide them a cell phone number (the account predated the cell phone verification craze) so they could do the text verification two step (and more easily correlate all my mined data). It was hilarious, I had the Gmail account set up to forward email to another non-gmail email account which it continued to do. So still get emails sent to the Gmail account via that forwarding. Yes they locked me out of my Gmail account but keep sending me warnings to the Gmail account I am locked out of. And now say the account will be deleted unless I log in before some time this fall cant remember the date. I cant log in, you wont let me... Dude just delete the dang thing already. I aint your bitch and you are living in lala land sending warnings to a locked account. I even suggest to make your system even more secure, just do away with Gmail altogether. Think of all the security that would provide the world. LOL

It was funny too, I was playing with an old Chromebook that had bad keyboard so couldnt do the mrcrhomebox UEFI. Well it wanted to set up a Google account for me including a new gmail account. So I made up some name, didnt give it any phone number and voila had it all WITHOUT a cell phone number or correct name. I guess they give benefit of doubt to Chromebook users cause that is a data mining bonanza they dont want to pass up. So much about the imagined security benefits. Want to bypass security, just buy a $10 EOL chromebook.

By way I would be surprised if Thunderbird couldnt support the new M$ email security. They probably just mean you can no longer use your Jeeves email client on win98 from 2001 to pop3 your email. And of course they prefer you run their email software on win11 on new copilot computer I am sure.