

Modern Authentication is the term used by Microsoft for a new sign-in procedure implemented by Office clients that uses an embedded web browser to acquire authorisation to access a user's online resources hosted in Office 365. Modern authentication is available in Office 2016 for OSX and Windows, and on mobile clients (Windows Mobile, iOS, Android). On Windows, Office 2013 clients also have modern authentication implemented, but it is disabled by default and can only be enabled through the registry.

Security aspects

Although an improvement over the sign-in process that was used before modern authentication, in which user credentials were routed through Microsoft servers (at least when accessing Exchange mail over IMAP), there are still some security-related issues with non-web access to Office 365. This blog highlights what to look for to ensure a secure login.

Verifying the authenticity of the login page

The in-app browser does not show an address bar or "lock" icon as an indication of which site it is connecting to. Also on mobile clients (e.g. ), there is no way for a user to verify the identity of the IdP. See screenshots below. Even worse, the mobile interface seems to zoom in on the username and password fields, making it harder to recognise the IdP login pages, as visual clues such as logos are no longer visible.

Organisations typically instruct their users on how to recognise phishing sites, and to verify the identity of the server they are authenticating to when asked to enter their password. For use with Microsoft's Office 365 clients, users would have to be explicitly instructed to make an exception for such clients.
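The post notes that Office 2013 on Windows only gets modern authentication when it is switched on through the registry. The following PowerShell is an added example, not code from the original post: it checks whether the current user's Office 2013 installation has modern authentication (ADAL) enabled and, via a second function, sets it. The registry path `HKCU:\Software\Microsoft\Office\15.0\Common\Identity` and the DWORD values `EnableADAL` and `Version` are taken from Microsoft's published guidance for Office 2013 rather than from the blog post; the function names are my own.

```powershell
# Added example (not from the original post): audit whether modern authentication
# (ADAL) is enabled for Office 2013 on this Windows machine, and optionally enable it.
# Registry location and value names follow Microsoft's guidance for Office 2013;
# they are not quoted from the blog post above.
$IdentityKey = 'HKCU:\Software\Microsoft\Office\15.0\Common\Identity'

function Get-Office2013ModernAuthState {
    # Returns $true when both documented DWORDs are set to 1, $false otherwise.
    # A missing key means Office 2013 is still using the legacy sign-in path.
    if (-not (Test-Path $IdentityKey)) { return $false }
    $props = Get-ItemProperty -Path $IdentityKey -ErrorAction SilentlyContinue
    return (($props.EnableADAL -eq 1) -and ($props.Version -eq 1))
}

function Enable-Office2013ModernAuth {
    # Creates the key if needed and sets the two DWORD values Microsoft documents.
    # This is per-user (HKCU); roll it out with Group Policy Preferences or a
    # login script if it has to apply to every user of a machine.
    if (-not (Test-Path $IdentityKey)) { New-Item -Path $IdentityKey -Force | Out-Null }
    New-ItemProperty -Path $IdentityKey -Name 'EnableADAL' -PropertyType DWord -Value 1 -Force | Out-Null
    New-ItemProperty -Path $IdentityKey -Name 'Version'    -PropertyType DWord -Value 1 -Force | Out-Null
}

if (Get-Office2013ModernAuthState) {
    Write-Output 'Office 2013 modern authentication (ADAL) is enabled for the current user.'
} else {
    Write-Output 'Office 2013 modern authentication is disabled; the legacy sign-in path is in use.'
    Write-Output "Run Enable-Office2013ModernAuth to set EnableADAL=1 and Version=1 under $IdentityKey."
}
```

The audit function is the part worth keeping in a baseline check: a fleet where Office 2013 clients still sign in without modern authentication is one where credentials travel the older route the post describes, and the setting is easy to report on before deciding whether to flip it.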
