May 27, 2016 by

Microsoft Is Banning the Most Popular (and Least Secure) Passwords

Microsoft is cracking down on easily crack-able credentials by banning simple password – which are, coincidentally, the most commonly used passwords.

Earlier this week, a Microsoft program manager announced that commonly used passwords will be dynamically banned during an account registration and password reset/change process. The sandpit for weak passwords will be introduced by the Microsoft Account Service, applicable in platforms such as Xbox Live, Outlook (Hotmail) and OneDrive Azure.

In other words, some of the most commonly used passwords including the likes of “password”, “123456”, “qwerty” and “football” are no longer accepted by Microsoft. Instead, users opting to use such passwords will be greeted with a prompt, asking them to try again with a more secure password.

The dynamic ban of weak passwords include prominent VoIP software, Skype.

“When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common – we both analyze the passwords that are being used most commonly,” Microsoft explained in a blog post.

Also read: Here Are the Worst Passwords of 2015

Microsoft is also in the process of adding the password-measure feature to its Azure Active Directory, the cloud platform used by the software giant’s enterprise customers. These measures will ensure that the service can stop employees of enterprises from lazing into lax security standards, as well.

A recent Security Intelligence Report from Microsoft revealed that security triggers see over 10 million Microsoft accounts targeted and attacked daily.

Microsoft’s Alex Weinert, program manager of the Azure AD Identity Protection team explains that such attack patterns, in their high numbers on a daily basis, aid in maintaining the dynamic-ban protocols. He stated:

[Due to witnessing over 10 million accounts attacked daily] we have a lot of data about which passwords are in play in those attacks. We use this data to maintain a dynamically updated banned password list.

Some of the mandatory password measures that are included in a security-centric walkthrough for IT admins include:

  • Certain password length requirements, which would help against brute force attacks.
  • Password “complexity” requirements, which would make the passwords unique.
  • Regular, periodic password expiration, which would mean that the user would have to frequently change the password, aiding in better security.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Microsoft’s Secret Bug Database was Hacked in 2013

Technology giant Microsoft never disclosed a major breach of its internal database tracking bugs, a...

Read more arrow_forward

Microsoft Admits Cloud Service Faces 300% Increase in CyberAttacks

Technology giant Microsoft has revealed that its cloud-based user accounts have seen a 300% increase...

Read more arrow_forward

Microsoft is Turning the Tables on Russian Hackers with Lawyers

Microsoft is beginning counter measures against the alleged state-sponsored Russian hacking group...

Read more arrow_forward