diff --git a/changelog.txt b/changelog.txt
index a3e4452b..84f45aa6 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -7,6 +7,15 @@ Thanks for upgrading to the latest version of the ALKS CLI!
   - Type to filter accounts by alias or account ID instead of scrolling
   - Uses case-insensitive substring matching
 
+★ Release Notes: 2026-02-24 ★
+≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡≡
+
+Thanks for upgrading to the latest version of the ALKS CLI!
+
+* Added deprecation warning for Basic Authentication (US1879500).
+  - A warning banner now appears whenever a command runs using basic auth (network password)
+  - Basic Authentication will be retired on May 3rd; please migrate to OAuth2 via `alks developer configure`
+
 Have feedback? https://github.com/Cox-Automotive/ALKS-CLI/issues
 
 ☁☁☁☁☁☁  Happy Clouding! ☁☁☁☁☁☁
diff --git a/src/lib/getAlks.ts b/src/lib/getAlks.ts
index 00bfb5e3..da85b546 100644
--- a/src/lib/getAlks.ts
+++ b/src/lib/getAlks.ts
@@ -1,5 +1,7 @@
 import ALKS, { AlksProps, create } from 'alks.js';
+import { yellow } from 'cli-color';
 import { getUserAgentString } from './getUserAgentString';
+import { defaultServer } from './promptForServer';
 import { getServer } from './state/server';
 
 interface TokenProps {
@@ -30,6 +32,20 @@ export async function getAlks(props: Props): Promise<ALKS.Alks> {
     );
   }
 
+  const normalizedServer = server.replace(/\/+$/, '');
+  const normalizedDefault = defaultServer.replace(/\/+$/, '');
+  const defaultOrigin = defaultServer.replace(/\/rest\/?$/, '');
+  if (
+    normalizedServer !== normalizedDefault &&
+    normalizedServer.startsWith(defaultOrigin)
+  ) {
+    console.error(
+      yellow(
+        `Tip: Did you mean ${defaultServer}? Run \`alks developer configure\` to update your server URL.`
+      )
+    );
+  }
+
   // FYI: for enabled but not enforced we should not send the Test header.
   const mergedHeaders = {
     ...(props.headers || {}),
diff --git a/src/lib/getAuth.ts b/src/lib/getAuth.ts
index 18b6eb3f..89d5affd 100644
--- a/src/lib/getAuth.ts
+++ b/src/lib/getAuth.ts
@@ -1,10 +1,14 @@
+import { yellow } from 'cli-color';
 import { log } from '../lib/log';
 import { Auth } from '../model/auth';
 import { promptForPassword } from './promptForPassword';
+import { showBorderedMessage } from './showBorderedMessage';
 import { getPassword } from './state/password';
 import { getToken } from './state/token';
 import { getUserId } from './state/userId';
 
+let deprecationWarningShown = false;
+
 // TODO: refactor all calls to this function to do their own error handling so that we can just return Auth or undefined
 export async function getAuth(): Promise<Auth> {
   log('checking for refresh token');
@@ -23,6 +27,19 @@ export async function getAuth(): Promise<Auth> {
     }
     // If password is not set, ask for a password
     const password = (await getPassword()) || (await promptForPassword());
+
+    if (!deprecationWarningShown) {
+      deprecationWarningShown = true;
+      showBorderedMessage(
+        80,
+        yellow(
+          '⚠  DEPRECATION WARNING: Basic Authentication (network password) will be\n' +
+            '   retired on May 3rd. Please run `alks developer configure` to migrate\n' +
+            '   to OAuth2 (refresh token) authentication.'
+        )
+      );
+    }
+
     const auth = { userid, password };
     return auth;
   }
diff --git a/src/lib/handlers/alks-developer-login.ts b/src/lib/handlers/alks-developer-login.ts
index 5eb56ced..7cbbc3b4 100644
--- a/src/lib/handlers/alks-developer-login.ts
+++ b/src/lib/handlers/alks-developer-login.ts
@@ -1,9 +1,11 @@
 import commander from 'commander';
+import { yellow } from 'cli-color';
 import { checkForUpdate } from '../checkForUpdate';
 import { errorAndExit } from '../errorAndExit';
 import { log } from '../log';
 import { promptForPassword } from '../promptForPassword';
 import { promptForUserId } from '../promptForUserId';
+import { showBorderedMessage } from '../showBorderedMessage';
 import { setPassword } from '../state/password';
 import { setUserId } from '../state/userId';
 
@@ -11,6 +13,15 @@ export async function handleAlksDeveloperLogin(
   options: commander.OptionValues
 ) {
   try {
+    showBorderedMessage(
+      80,
+      yellow(
+        '⚠  DEPRECATION WARNING: Basic Authentication (network password) will be\n' +
+          '   retired on May 3rd. Please use `alks developer configure` to set up\n' +
+          '   OAuth2 (refresh token) authentication instead.'
+      )
+    );
+
     const userId = options.username ?? (await promptForUserId());
     log('saving user ID');
     await setUserId(userId);
diff --git a/src/lib/promptForAuthType.ts b/src/lib/promptForAuthType.ts
index b54c3f16..8dd982f0 100644
--- a/src/lib/promptForAuthType.ts
+++ b/src/lib/promptForAuthType.ts
@@ -18,7 +18,7 @@ export async function promptForAuthType(): Promise<string> {
         short: REFRESH_TOKEN_AUTH_CHOICE,
       },
       {
-        name: `[${PASSWORD_AUTH_CHOICE}] Store your network password (not recommended)`,
+        name: `[${PASSWORD_AUTH_CHOICE}] Store your network password (DEPRECATED - retiring May 3rd, not recommended)`,
         value: PASSWORD_AUTH_CHOICE,
         short: PASSWORD_AUTH_CHOICE,
       },