Security protocols are evolving. In Adfinity we have to align ourselves with current security recommendations so that access to our applications always stays secure. This article explains what that means for you.
Does this blog post concern you?
If you use one of the following applications: Services Manager, WRKEMLARC and Adflow in combination with an Office 365 account to send and/or receive e-mails, then read this blog post carefully and contact your IT Service/Consultant.
Adfinity before version 1.10
To be able to send/receive an email we define different settings like a server address, a login and a password.
Everything seems perfect, but it's not an effective enough security method for today's users because the protocol used is based on a basic authentication system.
To understand why it's not an effective enough security method, here are a few ways basic authentication is lacking:
- If the connection is not secured through TLS, the password could be intercepted
- If multifactor authentication is not set up (as is typical with Basic Authentication) there are no additional safeguards preventing people who now have the credentials from accessing the account
- The credentials give access to all resources associated with the account
- The credentials can be used by anyone, at any time
What is the alternative?
To secure access to an account, we need to use a modern authentication system named OAuth 2.0.
In short, with the OAuth 2.0 protocol you'll receive a token to use in Adfinity applications.
Tokens are more secure than passwords as they contain specific bits of information, known as claims. These specify additional rules for accessing the account, such as:
- An expiration date
- Which application can use the token
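The contrast drawn above, as an added example that is not part of the original article or of Adfinity's code: a Basic credential decodes straight back to the password, while a token carries an expiration date and an intended application that the receiver can check. It assumes a JWT-format token with the standard `exp` and `aud` claims; the account, application names and timestamps are constructed, and the signature is not verified here.

```python
import base64
import json

def basic_auth_secret(header_value):
    """Recover (login, password) from a Basic credential: encoded, not encrypted."""
    encoded = header_value.split(" ", 1)[1]
    login, _, password = base64.b64decode(encoded).decode().partition(":")
    return login, password

def token_claims(token):
    """Read the claims of a JWT-format token (inspection only, signature NOT verified)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_usable(token, application, now):
    """Apply the two rules listed above: expiration date and intended application."""
    claims = token_claims(token)
    if now >= claims["exp"]:
        return False, "expired"
    aud = claims["aud"]
    if application not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong application"
    return True, "ok"

def make_sample_token(claims):
    """Build a constructed sample token with a placeholder instead of a real signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "placeholder"])

# Constructed sample data (hypothetical account and application names).
NOW = 1_700_000_000
BASIC = "Basic " + base64.b64encode(b"mailbox@example.com:S3cret!").decode()
TOKEN = make_sample_token({"aud": "mail-app.example", "exp": NOW + 3600})

if __name__ == "__main__":
    print(basic_auth_secret(BASIC))                             # password recovered in full
    print(token_usable(TOKEN, "mail-app.example", NOW))         # within lifetime, right app
    print(token_usable(TOKEN, "mail-app.example", NOW + 7200))  # after the expiration date
    print(token_usable(TOKEN, "other-app.example", NOW))        # presented to another app
```

A real receiver must also verify the token's signature against the issuer's published keys before trusting any claim.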
Adfinity 1.10 and beyond
With Adfinity 1.10 you'll be able to use the OAuth 2.0 protocol within Easi's services, WRKEMLARC and Adflow.
Discuss this new feature with your IT Service/Consultant, as they'll need to take some actions to implement the new authentication process.
What about other mail services?
This new feature is only available for Office 365 accounts.
If you use your own mail server or another service like Google, ... you can use your application as usual. There are no changes required.
Is there a deadline?
Yes there is!
Due to the Covid-19 crisis, Microsoft decided to give customers more time to move away from basic authentication and pushed back its deprecation.
Starting October 1, 2022, Microsoft will begin to disable Basic Authentication in all tenants, regardless of usage.
We know that Microsoft will provide 12 months' notice of the official date on which basic authentication will be disabled for all active O365 users, but to avoid problems, our applications are already compatible with the OAuth 2.0 protocol.
Furthermore, Microsoft has started to disable old versions of the TLS protocol (TLS 1.0 and TLS 1.1) on the Office 365 infrastructure, making it impossible to send mail from our applications.
In this case, the usage of a new SMTP server or an update of Adfinity will also be necessary.
Do you have any questions about this? Don't hesitate to contact your consultant. They'll gladly help you set everything up.