Basic Authentication makes it easier for attackers to capture a user's credentials.


Impacted services include but are not limited to: any email client that uses POP or IMAP, native email clients on iOS or Android, Outlook 2016 for Mac and Outlook 2013/2010 for Windows, versions older than Thunderbird 78, and non-GUI clients (e.g., Pine).

Action Needed

Review 3rd party clients that receive WPI email.


What is Basic Authentication?

Basic Authentication is an old authentication method in which the email client passes the username and password with every request.  

What is Modern Authentication?

Modern Authentication is a more secure method based upon OAuth 2.0. Modern authentication supports Multi Factor Authentication. Modern authentication with WPI email will look like this:

Example of OAuth