SmarterMail and OAuth 2.0

Since its beginning, the internet has run on protocols. For much of that time, and with some protocols this is still the case, the data sent over them travelled in plain text, whether that was URL traffic, search queries, or even email messages.

Over the last 10 years or so, the major internet service providers and online services have pushed toward more secure methods of transmitting data. Google, for example, began treating HTTPS as a ranking signal and, in the late 2010s, had Chrome label plain-HTTP pages as "Not secure"; browsers also now put a full-page red warning in front of any site whose certificate is invalid. (These are still commonly called SSL certificates, although the protocol actually in use today is TLS.)

For our part, as developers of an email and communications server, we have done what we can to minimize the potential for issues by tokenizing communications, even over the various email protocols. We did this in a way that still allows our customers to authenticate against directories such as Active Directory and to use MAPI, EWS, EAS, and more. We have also had to adapt how we integrate with other services to keep pace with ongoing efforts, such as OAuth, to further secure internet communication.

Speaking of OAuth: everyone, it seems, is moving to OAuth 2.0, and SmarterTools is no different. We are working toward implementing OAuth 2.0 across all areas of SmarterMail. That will change not only how users log in to SmarterMail, but how they integrate systems like Active Directory and how they authenticate to third-party services. For example, when adding Google Drive as a cloud storage provider in SmarterMail, we had to adapt to Google's "Picker" API: users log in to their Google account and then see their Google Drive folders inside a new modal window. For email, Google's OAuth requirements are daunting: an app that asks for the restricted Gmail scopes must go through Google's verification process, which includes an expensive and extensive third-party security assessment. That is why app passwords are still supported, by Google as well as by SmarterMail and SmarterTrack. Keep in mind that Google only issues app passwords to accounts with 2-Step Verification turned on, and that an app password is a long-lived secret which lets any client that holds it sign in without the second factor, so it deserves the same protection as the account password itself.

Working with Microsoft is no different: when adding Microsoft 365 or Outlook.com accounts for email retrieval or as SMTP accounts, or when migrating from those services to SmarterMail, you must now log in to your Microsoft account first. This is Microsoft's way of putting its own authentication into the process. SmarterMail never sees the Microsoft password, only an access token that is scoped to mail access, expires, and can be revoked from the Microsoft account, which is what makes the integration more secure from Microsoft's standpoint. It is also no longer optional for many mailboxes: Microsoft has retired Basic Authentication for IMAP and POP in Exchange Online, so those protocols only accept OAuth 2.0 tokens for Microsoft 365 accounts.
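As an added illustration (this is not code from the original post and not SmarterMail's own implementation), the following Python shows what "logging in with Google or Microsoft first" amounts to on the wire for IMAP, POP and SMTP. The client never sends a password; it sends a SASL XOAUTH2 initial response carrying the account name and the bearer access token, in the format that both Gmail and Microsoft 365 document. The server side here checks the token against a constructed in-memory table standing in for the identity provider's view of each token (a real server would validate the token with the provider); the token strings, account names, scope and expiry times are all made up for the example. A SASL PLAIN response carrying an app password is built alongside so the two credentials can be compared.

```python
import base64
import binascii

REQUIRED_SCOPE = "https://mail.google.com/"  # Gmail's full-access IMAP/SMTP scope


def xoauth2_initial_response(user: str, access_token: str) -> str:
    """Build the SASL XOAUTH2 initial client response used by Gmail and
    Microsoft 365: "user=" <addr> ^A "auth=Bearer " <token> ^A ^A, base64-encoded.
    No password appears; the short-lived bearer token is the credential."""
    if "\x01" in user or "\x01" in access_token:
        raise ValueError("control character in user or token")
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def plain_initial_response(user: str, password: str) -> str:
    """RFC 4616 SASL PLAIN: NUL authzid NUL authcid NUL passwd. This is what an
    app password looks like on the wire: a reusable secret resent on every login."""
    raw = f"\x00{user}\x00{password}"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def parse_xoauth2_initial_response(b64: str) -> tuple[str, str]:
    """Server side: recover (user, token). Raises ValueError on anything malformed."""
    try:
        raw = base64.b64decode(b64, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("undecodable XOAUTH2 response") from exc
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing terminator")
    fields = {}
    for part in raw[:-2].split("\x01"):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError("field without '='")
        fields[key] = value
    user = fields.get("user", "")
    scheme, _, token = fields.get("auth", "").partition(" ")
    if not user or scheme.lower() != "bearer" or not token:
        raise ValueError("missing user or bearer token")
    return user, token


# Constructed token table (hypothetical values) standing in for the identity
# provider's record of each issued access token: subject, granted scopes, expiry.
NOW = 1_700_000_000  # fixed "current time" so the example is deterministic
TOKEN_TABLE = {
    "tok-good":    {"sub": "alice@example.com", "scope": {REQUIRED_SCOPE}, "exp": NOW + 3600},
    "tok-expired": {"sub": "alice@example.com", "scope": {REQUIRED_SCOPE}, "exp": NOW - 60},
    "tok-narrow":  {"sub": "alice@example.com", "scope": {"openid", "email"}, "exp": NOW + 3600},
}


def authenticate_xoauth2(b64: str, token_table=TOKEN_TABLE, now: int = NOW,
                         required_scope: str = REQUIRED_SCOPE) -> str:
    """Return an IMAP-style result for one XOAUTH2 attempt. Every check here is
    something a password cannot express: expiry, audience (the user the token was
    issued for) and scope (whether it actually grants mailbox access)."""
    try:
        user, token = parse_xoauth2_initial_response(b64)
    except ValueError as exc:
        return f"BAD {exc}"
    entry = token_table.get(token)
    if entry is None:
        return "NO unknown token"
    if entry["exp"] <= now:
        return "NO token expired"
    if entry["sub"].lower() != user.lower():
        return "NO token not issued to that user"
    if required_scope not in entry["scope"]:
        return "NO token lacks mail scope"
    return f"OK {user} authenticated via bearer token"


if __name__ == "__main__":
    good = xoauth2_initial_response("alice@example.com", "tok-good")
    print("client sends:", good)
    print(authenticate_xoauth2(good))
    print(authenticate_xoauth2(xoauth2_initial_response("alice@example.com", "tok-expired")))
    print(authenticate_xoauth2(xoauth2_initial_response("bob@example.com", "tok-good")))
    print(authenticate_xoauth2(xoauth2_initial_response("alice@example.com", "tok-narrow")))
    print(authenticate_xoauth2("not base64!"))
    print("app password on the wire:", plain_initial_response("alice@example.com", "abcd efgh ijkl mnop"))
```

The point of the comparison is the last line: the PLAIN response is just the app password, base64-encoded (not encrypted), and anyone who captures or extracts it can replay it indefinitely. The XOAUTH2 response carries a token that stops working on its own once it expires, is tied to one account, and can be limited to mail scopes or revoked by the user without changing the account password.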

Security and reliability have always been key to the development of SmarterMail. We couldn't be happier that these changes are coming, and that so many major services are welcoming them as well. It will be a bumpy ride for a while as everyone catches up, but we are at the forefront and will continue to move forward.