Comment by yjftsjthsd-h

2 years ago

> What else would you expect?

I would expect user credentials to not be uploaded without giving an extremely explicit explanation and receiving informed consent from the user.

Also, the credentials have to be stored in plain text. M$ servers cannot auth with your IMAP host with a password hash, so they must be saving the plain text password somewhere, which seems absolutely crazy to me.

  • No, that's just wrong. They can store these credentials encrypted with algorithms such as AES-256. No need to store them in plain text.

    This is actually standard security practice when you absolutely have to store a key in a way that you can use it later, such as a password or an API key.
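
An added example, not part of the thread and not any vendor's actual implementation: reversible storage of an IMAP password with AES-256-GCM, showing that the stored record contains no plaintext yet whoever holds the key can recover the password at login time. The function names, account IDs and password are hypothetical, constructed values, and the key is assumed to live in a separate key store.

```javascript
const crypto = require('crypto');

// Assumption: in a real service this 256-bit key is held in a KMS/HSM,
// not next to the database rows it protects. Generated here for the demo.
const masterKey = crypto.randomBytes(32);

// Encrypt a password for storage. The account ID is bound as additional
// authenticated data (AAD) so a record cannot be moved to another account.
function sealCredential(key, accountId, password) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per record
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(accountId, 'utf8'));
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Recover the plaintext password so it can be presented to the IMAP host.
// Throws if the key, account ID, or any stored field does not match.
function openCredential(key, accountId, record) {
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAAD(Buffer.from(accountId, 'utf8'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(record.ct, 'base64')),
    decipher.final(), // authentication tag is verified here
  ]);
  return pt.toString('utf8');
}

// Convenience wrapper: null instead of an exception on failed authentication.
function tryOpen(key, accountId, record) {
  try {
    return openCredential(key, accountId, record);
  } catch {
    return null;
  }
}

// Constructed sample record.
const record = sealCredential(masterKey, 'user@example.test', 'constructed-password');
console.log(record);
console.log(tryOpen(masterKey, 'user@example.test', record));
```

The protection rests entirely on who can reach the key: the ciphertext is useless to someone with only the database, while any component holding the key sees the plaintext password.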