Comment by alt227
2 years ago
Also, the credentials have to be stored in plain text. M$ servers cannot auth with your IMAP host with a password hash, so they must be saving the plain text password somewhere which seems absolutely crazy to me.
2 years ago
Also, the credentials have to be stored in plain text. M$ servers cannot auth with your IMAP host with a password hash, so they must be saving the plain text password somewhere which seems absolutely crazy to me.
No, that's just wrong. They can store these credentials encrypted with algorithms such as AES-256. No need to store them in plain text.
This is actually standard security practice when you absolutely have to store a key in a way that you can use it later, such as a password or an API key.
Next time there's a data breach at Azure, there will be fireworks.