Widely used legacy authentication protocols such as POP, SMTP, IMAP or MAPI are now a serious security vulnerability and thus very popular with attackers.
The numbers on legacy authentication from one analysis are stark:
- More than 99 percent of password spray attacks use legacy authentication protocols
- More than 97 percent of credential stuffing attacks use legacy authentication
- Azure AD accounts in organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled