Community Discussions and Support
Outlook Cutting Off Basic Authentication on 09/16/2024

2PM MST, retrieved email using app specific password.


Keeping fingers crossed. smile


2PM MST, retrieved email using app specific password. Keeping fingers crossed. :S

I may have missed it in the thread, but Microsoft has a useful article about this:
https://support.microsoft.com/en-us/office/outlook-and-other-apps-are-unable-to-connect-to-outlook-com-when-using-basic-authentication-f4202ebf-89c6-4a8a-bec3-3d60cf7deaef


It looks like the answer is OATH. Has anyone tested using the Pmail 4.8.1 beta gmail support with it, or is that limited to gmail only?


I may have missed it in the thread, but Microsoft has a useful article about this: https://support.microsoft.com/en-us/office/outlook-and-other-apps-are-unable-to-connect-to-outlook-com-when-using-basic-authentication-f4202ebf-89c6-4a8a-bec3-3d60cf7deaef It looks like the answer is OATH. Has anyone tested using the Pmail 4.8.1 beta gmail support with it, or is that limited to gmail only?

It looks like the answer is OATH. Has anyone tested using the Pmail 4.8.1 beta gmail support with it, or is that limited to gmail only?

It is GMail only since every provider sets up individual solutions, so did MS.


[quote="pid:57020, uid:31855"]It looks like the answer is OATH. Has anyone tested using the Pmail 4.8.1 beta gmail support with it, or is that limited to gmail only?[/quote] It *is* GMail only since every provider sets up individual solutions, so did MS.
			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

It looks like the answer is OATH. Has anyone tested using the Pmail 4.8.1 beta gmail support with it, or is that limited to gmail only?


Dave, I (and a couple of others) are still retrieving email via Pegasus utilizing an Outlook app specific password. Mine is still working tonight. I DO have a backup plan in place, but haven't had to resort to it yet.


[quote="pid:57020, uid:31855"]It looks like the answer is OATH. Has anyone tested using the Pmail 4.8.1 beta gmail support with it, or is that limited to gmail only?[/quote] Dave, I (and a couple of others) are still retrieving email via Pegasus utilizing an Outlook app specific password. Mine is still working tonight. I DO have a backup plan in place, but haven't had to resort to it yet.

Returning from holiday yesterday I found that Pegasus no longer connects to Outlook. I get this message: 'Authentication unsuccessful, basic authentication is disabled'. This is despite 2FA and an app password.


I tried redirecting all emails to Gmail for subsequent download via Pegasus, but Gmail is suspicious and sends about a third of them to spam. It also bounces a few emails, sending this message back to Outlook: 'Unauthenticated email from [domain] is not accepted due to domain's DMARC policy'. I've no idea what this means, but some of the emails were important messages from banks and insurance companies and I can't afford to lose them.


I spent the best part of a weekend on websites two years ago, changing my email address to Outlook from my previous (Waitrose) address, so I don't want to go through it all again to change to Gmail (I prefer Outlook anyway).


So with a heavy heart I have downloaded Thunderbird because (unless anyone knows anything different) this is the only way I can keep my emails in folders on my computer.


At age 76 I can do without this annoyance. I have used Pegasus for the best part of 30 years - all my life is on it, receipts, purchases, friends' messages, holiday confirmations etc.


Regards, David


Returning from holiday yesterday I found that Pegasus no longer connects to Outlook. I get this message: 'Authentication unsuccessful, basic authentication is disabled'. This is despite 2FA and an app password. I tried redirecting all emails to Gmail for subsequent download via Pegasus, but Gmail is suspicious and sends about a third of them to spam. It also bounces a few emails, sending this message back to Outlook: 'Unauthenticated email from [domain] is not accepted due to domain's DMARC policy'. I've no idea what this means, but some of the emails were important messages from banks and insurance companies and I can't afford to lose them. I spent the best part of a weekend on websites two years ago, changing my email address to Outlook from my previous (Waitrose) address, so I don't want to go through it all again to change to Gmail (I prefer Outlook anyway). So with a heavy heart I have downloaded Thunderbird because (unless anyone knows anything different) this is the only way I can keep my emails in folders on my computer. At age 76 I can do without this annoyance. I have used Pegasus for the best part of 30 years - all my life is on it, receipts, purchases, friends' messages, holiday confirmations etc. Regards, David

Returning from holiday yesterday I found that Pegasus no longer connects to Outlook. I get this message: 'Authentication unsuccessful, basic authentication is disabled'. This is despite 2FA and an app password.


This is disheartening news, and a little surprising. It doesn't seem that long ago the Microsoft stated intentions to allow SMTP access for devices that were incapable of OAUTH authentication, like notifications by office phone systems, UPS devices, and the myriad of other devices and software designed to send notifications by email whose configuration capability offered nothing more than a username and password. What a nightmare this must be for limited resource businesses.


FWIW, I am still able to send and received mail with my Outlook account. Time will tell how long it continues to function.


[quote="pid:57039, uid:42001"]Returning from holiday yesterday I found that Pegasus no longer connects to Outlook. I get this message: 'Authentication unsuccessful, basic authentication is disabled'. This is despite 2FA and an app password.[/quote] This is disheartening news, and a little surprising. It doesn't seem that long ago the Microsoft stated intentions to allow SMTP access for devices that were incapable of OAUTH authentication, like notifications by office phone systems, UPS devices, and the myriad of other devices and software designed to send notifications by email whose configuration capability offered nothing more than a username and password. What a nightmare this must be for limited resource businesses. FWIW, I am still able to send and received mail with my Outlook account. Time will tell how long it continues to function.

Returning from holiday yesterday I found that Pegasus no longer connects to Outlook. I get this message: 'Authentication unsuccessful, basic authentication is disabled'. This is despite 2FA and an app password.


Hi David,


I'm still able to retrieve email from Outlook utilizing an app specific password set up for Pmail on Outlook. I'm hoping they consider app specific passwords as a step up from "basic authentication". It's fairly simple to do and, I believe, the instructions are included within this particular thread.


Best wishes,
Craig


[quote="pid:57039, uid:42001"]Returning from holiday yesterday I found that Pegasus no longer connects to Outlook. I get this message: 'Authentication unsuccessful, basic authentication is disabled'. This is despite 2FA and an app password.[/quote] Hi David, I'm still able to retrieve email from Outlook utilizing an app specific password set up for Pmail on Outlook. I'm hoping they consider app specific passwords as a step up from "basic authentication". It's fairly simple to do and, I believe, the instructions are included within this particular thread. Best wishes, Craig

But I'm already using 2-factor authentication and an app password. I set this up a couple of months ago and had no trouble retrieving emails from Outlook using the app password. Now it doesn't work any more.


But I'm already using 2-factor authentication and an app password. I set this up a couple of months ago and had no trouble retrieving emails from Outlook using the app password. Now it doesn't work any more.

But I'm already using 2-factor authentication and an app password. I set this up a couple of months ago and had no trouble retrieving emails from Outlook using the app password. Now it doesn't work any more.


I'm sorry David. My only thought is to maybe check to make sure the identity you are using with Outlook is the one set up with your app specific password. Just now I retrieved your note from Outlook using PM set up with an ASP.


Good luck!
Craig


[quote="pid:57042, uid:42001"]But I'm already using 2-factor authentication and an app password. I set this up a couple of months ago and had no trouble retrieving emails from Outlook using the app password. Now it doesn't work any more.[/quote] I'm sorry David. My only thought is to maybe check to make sure the identity you are using with Outlook is the one set up with your app specific password. Just now I retrieved your note from Outlook using PM set up with an ASP. Good luck! Craig

I'm hoping they consider app specific passwords as a step up from "basic authentication".

It's definitely a step up, but it's not at all clear whether Microsoft consider it a tall enough step. (Or whether app passwords are only working for some of us and by accident.)


The reason an app password is an improvement is that, if the app (Pegasus or any other) password should ever leak out,


  • the damage is limited to the service (e.g. email) rather than to the full capability of the owner's account as it would be for using your main password, and
  • the app password can be cancelled or revoked without preventing me from logging in to my account, since my main account access codes haven't been leaked.

The OAUTH2 arrangement is far more complex but should provide better security if it works properly - the authentication is specific to the client (Pegasus) and the service (email) as well as the user. It has a rolling sequence of new codes, so that even if intercepted, the stolen credentials are difficult to use without being detected, and only useful for a short time. But it's designed for web sites and for Outlook and Gmail themselves, rather than any other apps, and the standard is horrible to understand and implement.


[quote="pid:57041, uid:42003"]I'm hoping they consider app specific passwords as a step up from "basic authentication".[/quote] It's definitely a step up, but it's not at all clear whether Microsoft consider it a tall enough step. (Or whether app passwords are only working for some of us and by accident.) The reason an app password is an improvement is that, if the app (Pegasus or any other) password should ever leak out, - the damage is limited to the service (e.g. email) rather than to the full capability of the owner's account as it would be for using your main password, and - the app password can be cancelled or revoked without preventing me from logging in to my account, since my main account access codes haven't been leaked. The OAUTH2 arrangement is far more complex but should provide better security if it works properly - the authentication is specific to the client (Pegasus) and the service (email) as well as the user. It has a rolling sequence of new codes, so that even if intercepted, the stolen credentials are difficult to use without being detected, and only useful for a short time. But it's designed for web sites and for Outlook and Gmail themselves, rather than any other apps, and the standard is horrible to understand and implement.

It's definitely a step up, but it's not at all clear whether Microsoft consider it a tall enough step. (Or whether app passwords are only working for some of us and by accident.)


This is the great unanswered question. ASP seem to be working for some, but not others. It's sad that we have to cross our fingers every time we attempt to simply retrieve our mail from Outlook.


This is a quote from MS's warning:
"To keep you safe you will need to use a mail or calendar app which supports Microsoft’s modern authentication methods."


IMHO, I'm thinking the pluralization of "methods" is a hopeful sign. It seems that if MS was moving ONLY to an Oauth2 logon, then it would not have been pluralized. Of course... they might be being vague on purpose to keep future directions open.


Right now... it's a wait and see game.


Craig


[quote="pid:57044, uid:2925"]It's definitely a step up, but it's not at all clear whether Microsoft consider it a tall enough step. (Or whether app passwords are only working for some of us and by accident.)[/quote] This is the great unanswered question. ASP seem to be working for some, but not others. It's sad that we have to cross our fingers every time we attempt to simply retrieve our mail from Outlook. This is a quote from MS's warning: "To keep you safe you will need to use a mail or calendar app which supports Microsoft’s modern authentication methods." IMHO, I'm thinking the pluralization of "methods" is a hopeful sign. It seems that if MS was moving ONLY to an Oauth2 logon, then it would not have been pluralized. Of course... they might be being vague on purpose to keep future directions open. Right now... it's a wait and see game. Craig

@djarvie, I follow both the Community Forum and the PM-WIN listserv support list and you are the only one to report an Outlook authentication issue. I agree with @CraigTee in suspecting that your POP3 and/or IMAP and SMTP host configurations do not contain the app password.

@djarvie, I follow both the Community Forum and the PM-WIN listserv support list and you are the only one to report an Outlook authentication issue. I agree with @CraigTee in suspecting that your POP3 and/or IMAP and SMTP host configurations do not contain the app password.

I had this problem a while ago with my work email and now it has been rolled out generally it extends to my private Outlook account. I solved this by setting up my own email hosting service with uk2.net. (Others are available!) It's not as expensive as you might think, starting at 50p per month (plus annual hosting charge for your own domain). I then just forward to my UK2.net account from my outlook accounts and then Pop3 download to Pegasus. The only downside is that the UK2 smtp server for outgoing mail will only accept the UK2 email address in the 'from' entry so I can't send emails marked as coming from my work email address.


I had this problem a while ago with my work email and now it has been rolled out generally it extends to my private Outlook account. I solved this by setting up my own email hosting service with uk2.net. (Others are available!) It's not as expensive as you might think, starting at 50p per month (plus annual hosting charge for your own domain). I then just forward to my UK2.net account from my outlook accounts and then Pop3 download to Pegasus. The only downside is that the UK2 smtp server for outgoing mail will only accept the UK2 email address in the 'from' entry so I can't send emails marked as coming from my work email address.

suspecting that your POP3 and/or IMAP and SMTP host configurations do not contain the app password

Thanks Brian and Craig for your advice. So let me tell you what I did to set it up. Back in June when I received the Microsoft email I turned on 2-factor authentication and created an app password, following the Microsoft Support article "How to get and use app passwords". I entered the app password (in place of my original password) in the POP3 and SMPT definitions: Tools>Internet options>Receiving(POP3) and Tools>Internet options>Sending(SMPT). I used this configuration without problems - i.e. the app password was working fine from 30 June to 16 September. So I can't see how the configurations "do not contain the app password" - if that were the case then it wouldn't have worked at all.
I don't know why no-one else has reported problems - maybe no-one else uses Outlook with Pegasus. I value any thoughts or advice you may have on the matter, but sadly it looks like I shall just have to get used to Thunderbird.


[quote="pid:57046, uid:28772"]suspecting that your POP3 and/or IMAP and SMTP host configurations do not contain the app password[/quote] Thanks Brian and Craig for your advice. So let me tell you what I did to set it up. Back in June when I received the Microsoft email I turned on 2-factor authentication and created an app password, following the Microsoft Support article "How to get and use app passwords". I entered the app password (in place of my original password) in the POP3 and SMPT definitions: Tools>Internet options>Receiving(POP3) and Tools>Internet options>Sending(SMPT). I used this configuration without problems - i.e. the app password was working fine from 30 June to 16 September. So I can't see how the configurations "do not contain the app password" - if that were the case then it wouldn't have worked at all. I don't know why no-one else has reported problems - maybe no-one else uses Outlook with Pegasus. I value any thoughts or advice you may have on the matter, but sadly it looks like I shall just have to get used to Thunderbird.

@BrianFluet

Brian, I just wanted to make sure I thanked you for your assistance in setting up my OAuth2 on GMail and my ASP on Outlook. Both are working flawlessly and, if we're lucky, will continue to do so.


Thanks again,
Craig


@BrianFluet Brian, I just wanted to make sure I thanked you for your assistance in setting up my OAuth2 on GMail and my ASP on Outlook. Both are working flawlessly and, if we're lucky, will continue to do so. Thanks again, Craig

I entered the app password (in place of my original password) in the POP3 and SMPT definitions: Tools>Internet options>Receiving(POP3) and Tools>Internet options>Sending(SMPT). I used this configuration without problems - i.e. the app password was working fine from 30 June to 16 September. So I can't see how the configurations "do not contain the app password" - if that were the case then it wouldn't have worked at all.


Hi David, I KNOW it's no fun to make changes to email and was hoping you wouldn't have to. My thought was that maybe you had set up the ASP like I did, as a new identity, and then continued to use the default identity... or your old login/password.


Brian is more experienced than I with both smtp/pop3 and Pmail. He helped me get set up. Perhaps he might be able to offer more insight on this. I was hoping it would be as simple as changing from the PMail "default" identity to the one you set up with the ASP.


Best of luck my friend,
Craig


[quote="pid:57049, uid:42001"]I entered the app password (in place of my original password) in the POP3 and SMPT definitions: Tools>Internet options>Receiving(POP3) and Tools>Internet options>Sending(SMPT). I used this configuration without problems - i.e. the app password was working fine from 30 June to 16 September. So I can't see how the configurations "do not contain the app password" - if that were the case then it wouldn't have worked at all.[/quote] Hi David, I KNOW it's no fun to make changes to email and was hoping you wouldn't have to. My thought was that maybe you had set up the ASP like I did, as a new identity, and then continued to use the default identity... or your old login/password. Brian is more experienced than I with both smtp/pop3 and Pmail. He helped me get set up. Perhaps he might be able to offer more insight on this. I was hoping it would be as simple as changing from the PMail "default" identity to the one you set up with the ASP. Best of luck my friend, Craig

So I can't see how the configurations "do not contain the app password" - if that were the case then it wouldn't have worked at all.


I believe it would have, at least until Sept 16th when Microsoft totally stopped allowing basic authentication. If I were you, I would disable the current POP3 and SMTP definitions and create new ones using the app password. If they don't work, I would also go so far as the create a new app password and use it. I say this because we have seen Google randomly force creation of a new app password.


Also keep in mind the reference by @CraigTee to identities. The selected POP3 and SMTP host definitions are specific to each identity.

[quote="pid:57049, uid:42001"]So I can't see how the configurations "do not contain the app password" - if that were the case then it wouldn't have worked at all.[/quote] I believe it would have, at least until Sept 16th when Microsoft totally stopped allowing basic authentication. If I were you, I would disable the current POP3 and SMTP definitions and create new ones using the app password. If they don't work, I would also go so far as the create a new app password and use it. I say this because we have seen Google randomly force creation of a new app password. Also keep in mind the reference by @CraigTee to identities. The selected POP3 and SMTP host definitions are specific to each identity.

Don't understand "do not conatain the app password"


All the PND files have lines for password


Password : SEED$####:"*"


Changed Seed number to # and encrypted password to *.


The encryption is something that I've not found out. The TCP Log file will show the unencrypted password.


Just looked at all my *.PND files, and they all have password lines.


Don't understand "do not conatain the app password" All the PND files have lines for password Password : SEED$####:"*****************" Changed Seed number to # and encrypted password to *. The encryption is something that I've not found out. The TCP Log file will show the unencrypted password. Just looked at all my *.PND files, and they all have password lines.

mikes@guam.net

Don't understand "do not conatain the app password"


I meant that perhaps the password entered is not the app password, perhaps still the basic authentication password.

The TCP Log file will show the unencrypted password.


Creating a TCP log of a POP3 retrieval failure and then checking the password contained therein is a good idea for checking the actual password being transmitted.


[quote="pid:57053, uid:2546"]Don't understand "do not conatain the app password"[/quote] I meant that perhaps the password entered is not the app password, perhaps still the basic authentication password. [quote="pid:57053, uid:2546"]The TCP Log file will show the unencrypted password.[/quote] Creating a TCP log of a POP3 retrieval failure and then checking the password contained therein is a good idea for checking the actual password being transmitted.

Very bad news. i was abroad for a week so not using Pegasus on my laptop. However I did use Samsung Email to access outlook on android. It initally failed after 16th September so I enabled this with another app pasword and was able to retrieve outlook emails for the full trip. I had set up Pegasus with another app password before the deadline and could use that for the 2 days before my departure. However I cannot use it now, with no changes.


I cannot eplain this.
I have definitely made no changes.
I am familiar with Pegasus identities and TCP logs etc.
I will create a new app password, test that and report back.
However it is not looking good.
Not using Pegasus for over a week may be related.


Very bad news. i was abroad for a week so not using Pegasus on my laptop. However I did use Samsung Email to access outlook on android. It initally failed after 16th September so I enabled this with another app pasword and was able to retrieve outlook emails for the full trip. I had set up Pegasus with another app password before the deadline and could use that for the 2 days before my departure. However I cannot use it now, with no changes. I cannot eplain this. I have definitely made no changes. I am familiar with Pegasus identities and TCP logs etc. I will create a new app password, test that and report back. However it is not looking good. Not using Pegasus for over a week may be related.
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft