Auth changes for Outlook 2024 October

[Keith Moon]

Account Settings/Server Settings/Advanced.../Maximum number of server connections to cache. The default is 5 I think. Set it to 2.

I will definitely try this. Mine was set to 1, however, I will check this out. Thank you.

[gabrgv]

You can use KeePassXC for example to generate TOTP passwords.

Just went through all the headache of setting 2FA, app passwords and TOTP passwords.

But it looks like Microsoft doesn’t requires TOTP to set 2FA and app passwords, I used an e-mail account instead. Problem is that I realized it too late, and I have now KeepassXC generating TOTP passwords.

This app password thing may not last forever, though. I particularly don’t think it will.

It’s getting hard to live.

[Moonchild]

It’s getting hard to live.

Not at all, but it might mean you have to get rid of your toxic relationship with "free" e-mail providers.

[Keith Moon]

Just an update from this page which provides an explanation to my Outlook account quandry:
https://support.microsoft.com/en-us/off ... 986499a90d

It states:

Basic Authentication interim experience

Until September 16th, users signing into Outlook.com through Basic Authentication may experience recurring password prompts in Outlook and other third-party email applications. This is a known issue. After September 16th, users attempting to connect their Microsoft accounts through Basic Authentication will fail to do so.

I received a notification from Microsoft that the switchover is September 16th. Yay!

[Keith Moon]

The following weekend, and it appears the Outlook accounts are still working on Epyrus, and other older mail clients. I'm surprised that there isn't more interest in this topic. Seems like a big deal, since the developer himself noted in this very thread being at least somewhat invested in the Microsoft ecosystem with three Outlook accounts.

Anyway, Epyrus seems to be still going on Outlook accounts ... for now.

[athenian200]

The following weekend, and it appears the Outlook accounts are still working on Epyrus, and other older mail clients. I'm surprised that there isn't more interest in this topic. Seems like a big deal, since the developer himself noted in this very thread being at least somewhat invested in the Microsoft ecosystem with three Outlook accounts.

Anyway, Epyrus seems to be still going on Outlook accounts ... for now.

It's not for a lack of interest, it's just that OAuth2 with Microsoft accounts is a really tough nut to crack, and honestly I just haven't had the time and energy to do a lot on that front (really the energy is probably the bigger issue). I'm honestly kind of unhappy that I might have to deal with it, because I was hoping to use something else as a workaround that I recently found out won't be a possibility. This would be a lot of work, and there's a possibility that even if I did put in the work, Epyrus still wouldn't work with Outlook accounts out of the box, and would always require a very awkward workaround.

When it comes to Epyrus, I honestly just feel stuck and frustrated with how much work everything that needs to get done with it is, for so little hope of success, and wind up getting depressed and wanting to think about other things. That's not a good sign, is it? LOL.

The problem is, Mozilla originally only set this up to work with Google's OAuth2, and it's going to be kind of a pain to adapt it to work with Microsoft's implementation. It can be done, but the reason why other e-mail clients aren't bothering is because even if the work is done to implement it, it will require awkward workarounds for the user and not be very pleasant to deal with more than likely. So basically I'm staring down the barrel of doing work I really don't want to do to make this work on my end, so that my users can do work they really don't want to do to make this work on their end, just because we've been given hoops to jump through by the powers that be.

That said, I do appreciate the reminder. It lets me know that I really do need to get on top of this... the less you talk about it, the less I think about it.

[LAR Grizzly]

The problem is, Mozilla originally only set this up to work with Google's OAuth2, and it's going to be kind of a pain to adapt it to work with Microsoft's implementation.

Could this be why I'm having trouble getting Epyrus to work with Gmail? I managed to get Thunderbird and SeaMonkey to work with my new Gmail account, but when I try to use Epyrus, I get "username and password not accepted".

[Moonchild]

Could this be why I'm having trouble getting Epyrus to work with Gmail? I managed to get Thunderbird and SeaMonkey to work with my new Gmail account, but when I try to use Epyrus, I get "username and password not accepted".

gmail now requires app passwords. it will fail if you try to use you main google account login.
for this you need to fiorst enable 2FA in google accounts, then create an app password. then use that app password in Epyrus.

[LAR Grizzly]

gmail now requires app passwords. it will fail if you try to use you main google account login. for this you need to first enable 2FA in google accounts, then create an app password. then use that app password in Epyrus.

Gmail is the only Google account I have. I couldn't find where to enable 2FA. Could you give me some steps to where the setting is and how to create an App Password?

Thanks

[moonbat]

Gmail is the only Google account I have. I couldn't find where to enable 2FA. Could you give me some steps to where the setting is and how to create an App Password?

Thanks

Here you go. First item in the section 'How you sign into Google'. It's recommended that you not use SMS as an option; it is vulnerable to SIM cloning attacks so use an open source authenticator app that will store your codes locally. I use Aegis for Android.

[LAR Grizzly]

Here you go. First item in the section 'How you sign into Google'. It's recommended that you not use SMS as an option; it is vulnerable to SIM cloning attacks so use an open source authenticator app that will store your codes locally. I use Aegis for Android.

Thanks for the link to the Google Account Login. I found the 2FA setting. I'm on a desktop computer. How do I obtain an app password for a desktop?

[back2themoon]

How do I obtain an app password for a desktop?

Google Google app password.

[moonbat]

How do I obtain an app password for a desktop?

Google Google app password.

It's literally on the same page whose link I shared

[back2themoon]

Ok, but the Google Account labyrinth might be slightly convoluted for someone attempting it the first time. Best to start from the help/support page (to be revealed with a simple Google search). Either way, it's not that complicated.

[LAR Grizzly]

It's literally on the same page whose link I shared

I don't see Google App password. I see Passkeys and Security Keys and an Authenticator link. I tried both and Google says that they can't be set up on this device. I'm supposing that you have to use your Smartphone. Can I use the phone number option?

[Bilbo47]

https://myaccount.google.com/apppasswords
This is completely different from the Passkeys and Security Keys, Authenticator, and smartphone / phone number options.

[LAR Grizzly]

https://myaccount.google.com/apppasswords
This is completely different from the Passkeys and Security Keys, Authenticator, and smartphone / phone number options.

Your link took me to this: "The setting you are looking for is not available for your account."

I'm gettin' old. I'll be 69 next week. This stuff is hard on an old mind. I'm sure that I could figure it out, but I just got a Smartphone last May and I'm still getting used to it. I have Thunderbird and SeaMonkey working. I guess two out of three ain't bad. I'll just stick with TB. I'll sure miss Epyrus. I'll keep her updated and maybe try again in a few months when I feel more comfortable.

Thanks, everyone, for the guidance! I remember, back in the day, when the Internet was fun.

[moonbat]

"The setting you are looking for is not available for your account."

You need to set up 2 factor authentication before you can create app passwords, use an authenticator app on your phone like I suggested. RealityRipple has made one for desktop users as well.

[Bilbo47]

I think? 'setting not available' means the two-factor auth is not set up yet. Ggl *really* wants to not-provide the feature of normal access to email (IMAP via password). The day they stop providing it is the day I (again) stop using GMail.

Orrr, at one point it felt like Ggl was trying to convert password-auth accounts to OAuth-only accounts. Anyone who goofed up and allowed that to happen was prohibited from un-doing the change. At the same time supposedly, Ggl was allowing new accounts to be created but only without access to normal password-based IMAP email. In other words, it's possible that only older/existing accounts were eligible for adding app passwords after setting up 2FA.

Another truly PITA option with EP is to create your own personal ClientID. See the thread at viewtopic.php?f=73&t=30566

[Moonchild]

Ggl *really* wants to not-provide the feature of normal access to email (IMAP via password).

I think I already touched on this before but it makes sense from a cautious perspective. The issue is that they don't want people to use their main google account authentication for e-mail, something which is used with great frequency (every time mail is checked from a client) and doesn't support credential caching or hashed session tokens or what not. It is because Google accounts are being used by many more things than just e-mail, including sensitive things like Google Wallet and other financial services. Having a password that can safely be used with great frequency that is restricted to just the e-mail service and not immediately compromising the entire multi-use account if it gets found out (e.g. by MitM attacks or insecure proxies) makes a lot of sense in that context. Of course it does nothing if e-mail continues to be a pivotal "recovery" method for lost passwords, but it does throw up a roadblock for bad actors. What bugs me most about all this is that Google isn't explaining this and just calling clients "less secure" if they aren't using OAuth/webby authentication which isn't correct.

With the extensions of Microsoft using their Ms account also for more and more services, a similar thing is occurring for Microsoft mail.