diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java
index b6a15173..668b6f45 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/IPublicClientApplication.java
@@ -14,11 +14,15 @@
 public interface IPublicClientApplication extends IClientApplicationBase {
 
     /**
-     * Acquires tokens from the authority configured in the application via Username/Password authentication.
+     * Acquires tokens from the authority configured in the application via Username/Password authentication.<br>
+     * <p><b>Deprecated:</b> This API has been deprecated and will be removed in a future release. Use a more secure flow instead.<br>
+     * See <a href="https://aka.ms/msal-ropc-migration">https://aka.ms/msal-ropc-migration</a> for migration guidance.
      *
      * @param parameters instance of {@link UserNamePasswordParameters}
      * @return {@link CompletableFuture} containing an {@link IAuthenticationResult}
+     * @deprecated This API not a secure flow and will be removed in a future release.
      */
+    @Deprecated
     CompletableFuture<IAuthenticationResult> acquireToken(UserNamePasswordParameters parameters);
 
     /**
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java
index 99a80d32..1200841c 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/PublicClientApplication.java
@@ -24,6 +24,7 @@ public class PublicClientApplication extends AbstractClientApplicationBase imple
     private boolean brokerEnabled;
 
     @Override
+    @Deprecated
     public CompletableFuture<IAuthenticationResult> acquireToken(UserNamePasswordParameters parameters) {
 
         validateNotNull("parameters", parameters);
diff --git a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
index 12c7b335..d8a3a2d8 100644
--- a/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
+++ b/msal4j-sdk/src/main/java/com/microsoft/aad/msal4j/UserNamePasswordParameters.java
@@ -13,8 +13,13 @@
  * Object containing parameters for Username/Password flow. Can be used as parameter to
  * {@link PublicClientApplication#acquireToken(UserNamePasswordParameters)}
  * <p>
+ * <p><b>Deprecated:</b> This class supports the Resource Owner Password Credentials (ROPC) flow,
+ * which is insecure and will be removed in a future release.</p>
+ *
+ * <p>See <a href="https://aka.ms/msal-ropc-migration">https://aka.ms/msal-ropc-migration</a> for migration guidance.</p>
  * For more details, see https://aka.ms/msal4j-username-password
  */
+@Deprecated
 public class UserNamePasswordParameters implements IAcquireTokenParameters {
 
     private Set<String> scopes;