For example, OAuth access tokens have a limited lifetime and are specific to the applications and resources for which they are issued. That means they cannot be reused by would-be attackers.
Time to say goodbye to Basic Authentication
The world of IT security continues to evolve in the face of increasingly sophisticated threats and tenacious bad actors. Unfortunately, attackers have been able to exploit Basic Authentication and capture user credentials for their nefarious purposes. The world is moving toward ubiquitous use of multifactor authentication, but enforcement can often be difficult or impossible when an application is still using Basic Authentication.
Microsoft is removing Basic Authentication from Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac. There will be no change for Microsoft applications already using Modern Authentication including SharePoint, OneDrive, and Microsoft Teams.