One of the reasons why I use The Bat! is that it allows me to access several e-mail accounts in one place. I have different accounts on various services for work use, personal use, hobbies, etc., and it would be extremely laborious to check them one by one. And one of my accounts is on Outlook.com.
Yesterday I received an e-mail from Microsoft with the subject line "Action required: you will lose access to some of your third-party e-mail and calendar applications" (I'm from Brazil, so I received the e-mail in Portuguese, and I'm translating it). It said (again, translated):
I searched for the Microsoft help article mentioned (the title and linked URL above are the original English ones, not translations). Long story short, what they call "modern authentication methods" is OAuth2, which is not currently supported by The Bat! (at the moment, I access my Outlook.com account from The Bat! using POP3 with TLS to port 995).
It's also obvious that although giving directions for other clients, Microsoft is subtly encouraging the use of their own solutions (I have a Microsoft 365 subscription that comes with the Outlook client, but I refuse to use it because of its notorious security flaws, little flexibility, and patronizing design decisions).
And yes, I know that implementing a new authentication method in an e-mail client is not a trivial task, but as of this writing there are still two months ahead to come up with a solution.
I also know that Outlook.com allows e-mail forwarding, which could be a workaround, but I'd rather not use it if it can be avoided, for three reasons: 1. more easily separating e-mails from different accounts; 2. Microsoft's spam filters are already oversensitive and flawed, and adding another layer with the destination account would filter out more spam but would also increase both the likelihood of missing important legitimate messages and the complexity of accessing them; and 3. my past experience with Yahoo! Mail, which used to offer e-mail forwarding, but removed this feature a few years ago on very short notice and with no justification. Nothing prevents Microsoft from doing the same.
Moreover, for now The Bat! still works great with Gmail, which I also use, but Gmail has sent me warnings on several occasions that I was using an "insecure access method" (or something to that effect) and that it was not recommended. This is also always pointed as an issue in their account security check. So, it's possible that Google may also follow Microsoft's steps and block those "insecure methods" on Gmail some time in the future. If it does, that will be the end of The Bat! for me.
So, let me ask: is Ritlabs aware of this issue with one of the world's most widely used e-mail services, and will it do something about it?
Yesterday I received an e-mail from Microsoft with the subject line "Action required: you will lose access to some of your third-party e-mail and calendar applications" (I'm from Brazil, so I received the e-mail in Portuguese, and I'm translating it). It said (again, translated):
| Quote |
|---|
| From September 16, 2024, applications that use less secure logon technologies will no longer have access to your e-mail. The protection and security of your information are Microsoft's priority. In order to keep your account secure, Microsoft will no longer support the use of third-party e-mail and calendar applications that ask you to logon using only your Microsoft account's user name and password. To ensure your security, you will need to use an e-mail or calendar application that is compatible with Microsoft's modern authentication methods. If you don't take any measure, third-party e-mail applications will no longer be able to access your Outlook.com, Hotmail, or Live.com e-mail address starting from September 16, 2024. What do you need to do? If you're receiving this e-mail, it's because you're using an e-mail or calendar application that uses a less secure authentication method to connect to your Outlook.com e-mail account. Update the third-party e-mail and calendar application to a version compatible with modern authentication methods. ... How to configure your Gmail, Apple Mail, or other third-party e-mail application? Various non-Microsoft applications have their own procedures to connect to your Outlook.com e-mail account using modern authentication methods. Please check our help article However, it may be necessary to contact those applications' creators to get instructions. In many cases, it will suffice to remove your account and then re-add it with the application's latest version to configure it to use modern authentication methods. |
I searched for the Microsoft help article mentioned (the title and linked URL above are the original English ones, not translations). Long story short, what they call "modern authentication methods" is OAuth2, which is not currently supported by The Bat! (at the moment, I access my Outlook.com account from The Bat! using POP3 with TLS to port 995).
It's also obvious that although giving directions for other clients, Microsoft is subtly encouraging the use of their own solutions (I have a Microsoft 365 subscription that comes with the Outlook client, but I refuse to use it because of its notorious security flaws, little flexibility, and patronizing design decisions).
And yes, I know that implementing a new authentication method in an e-mail client is not a trivial task, but as of this writing there are still two months ahead to come up with a solution.
I also know that Outlook.com allows e-mail forwarding, which could be a workaround, but I'd rather not use it if it can be avoided, for three reasons: 1. more easily separating e-mails from different accounts; 2. Microsoft's spam filters are already oversensitive and flawed, and adding another layer with the destination account would filter out more spam but would also increase both the likelihood of missing important legitimate messages and the complexity of accessing them; and 3. my past experience with Yahoo! Mail, which used to offer e-mail forwarding, but removed this feature a few years ago on very short notice and with no justification. Nothing prevents Microsoft from doing the same.
Moreover, for now The Bat! still works great with Gmail, which I also use, but Gmail has sent me warnings on several occasions that I was using an "insecure access method" (or something to that effect) and that it was not recommended. This is also always pointed as an issue in their account security check. So, it's possible that Google may also follow Microsoft's steps and block those "insecure methods" on Gmail some time in the future. If it does, that will be the end of The Bat! for me.
So, let me ask: is Ritlabs aware of this issue with one of the world's most widely used e-mail services, and will it do something about it?