ExchangeDefender OAuth Implementation


ExchangeDefender is starting 2021 with a subtle yet huge change in the way our applications and services interact on the backend – we have fully implemented OAuth. OAuth is a popular authentication / login framework that uses authorization tokens instead of passwords to grant you access to different/unrelated services.

What this means in practical terms is that once you log in to ExchangeDefender, you will be authorized to access all of the applications you have access to without logging in again and again as you hop from your SPAM Quarantine to your Password Vault to Wrkoo Invoices or ExchangeDefender support.

It also means you are now able to use authenticator apps from Google and Microsoft, as well as SMS. We are already working on Microsoft Authenticator, and for users that don’t trust big tech, Authy.

What will it look like?

Deployment of OAuth is completely transparent to the user and their login experience will not change. We are currently running OAuth in an open beta with our larger MSPs and enterprise customers and the login screen looks like this:

After you log in with your username and password, you will be taken to our OAuth enrollment screen where you will be prompted for your password again (or prompted to reset it, if it’s older than 90 days).

That’s all. You’ll be enrolled in OAuth and from that point on your access to all our sites and services will be handled with authentication tokens instead of passwords.

After you’re authenticated, your avatar in the upper right-hand side will feature shortcuts to the rest of the ExchangeDefender/Wrkoo/Own Web Now sites you have access to and they’ll be just a click away. This implementation will help us streamline access to all of the services the user is authorized to access, making it much easier to access all the services without dealing with multiple portals, sites, and login credentials.

P.S. I have blogged repeatedly imploring our partners and clients to adopt better password policies and two-factor authentication. Truth is, no matter how amazing and unique your password is, it’s passing through a series of potentially compromised routers and networks. Even though ExchangeDefender offers free 2FA, OTP, and requires strong passwords with the option to automatically expire them – the adoption rate is still under 10%.