Comment by stevemk14ebr
2 years ago
You're correct it's necessary for how they use this, to impersonate a user and 'clone' their email data. But then, that is the problem, they shouldn't be able to do this at all.
2 years ago
You're correct it's necessary for how they use this, to impersonate a user and 'clone' their email data. But then, that is the problem, they shouldn't be able to do this at all.
Okay but the existence of a problem does not change the simple fact that it's encrypted. So many people arguing against this point out of some misguided sense of fuzzy logic.
It is encrypted in transit, but Microsoft is on the receiving end of that transit and gets the plain text password. The encryption does nothing to prevent the third party, that is Microsoft, from impersonating the user and reading all their mail.
sigh It's literally encrypted. You can try to derail the topic, but we're arguing about a very simple fact here. It's either encrypted or not. It's not complicated.
5 replies →
It's worse: anybody who can proxy the communication between Outlook and the MS servers can impersonate the user.
1 reply →
How would a hashed password fix that problem?
3 replies →
Gur rkpvfgrapr bs rapelcgvba qbrf abg punatr gur fvzcyr snpg gung jung gurl ner qbvat vf onq sbe frphevgl naq ubeevoyr sbe cevinpl.