Over time there’s been a change in the way email programs login to your mail host. It’s mostly hidden from us mere humans but important to understand. Here’s how to use oAuth and how to bypass it, if your email program doesn’t support it. Older versions of Outlook don’t know about Open Authentication but there’s a workaround.
oAuth (Open Authentication) is an Internet standard for logging in. It needs a change in email software like Outlook as well as the mail host.
Many mail hosts have switched to oAuth, the latest is AT&T which prompted some emails from Office Watch readers.
Modern Outlook supports oAuth but older ones do not. Older iPhones, Android and other devices might not have it. Never fear, there’s a workaround.
You don’t need to worry about the details of oAuth. The mail program or app will figure it out for you.
The Android mail setup gives you a selection of mail hosts, these are known oAuth mail hosts.
Outlook works differently. Enter the email address and Outlook will figure out what type of login and account connection is best.
Sometimes Outlook gets it wrong or you prefer a different connection. Choose ‘Let me set up my account manually’ to bypass Microsoft’s help.
Secure Mail Key or alternative password
Past Outlooks 2016, 2013, 2010 etc. don’t know about Open Authentication but never fear, there’s a workaround.
ATT calls it a ‘Secure Mail Key’ but it goes under many names like App Password. Whatever it’s called, it’s the same thing.
As an alternative, the mail host gives you a special password to use instead of the regular password.
Enter this special password into your Outlook or other mail client, the password will be recognized as belonging to you only.
If that seems familiar, Microsoft calls it an App Password or App Specific Password. The App Password for Outlook.com/Hotmail bypasses the need for two-factor authentication and oAuth when setting up older software.
There’s no need to upgrade your old Outlook or device, at least not just for oAuth support.
What is oAuth?
Open Authentication, oAuth (or RFC 6749 to its friends) is a more secure way to login to web sites and email. It’s also a way to share authentication between sites without revealing your password.
If you’ve been to sites which offer to login using your Facebook, Google or Microsoft accounts – that’s oAuth at work. There’s a bewildering amount of detail at https://oauth.net/ with ‘simple’ diagrams like this <g>.