Microsoft bans common passwords that appear in breach lists

JMH

With LinkedIn providing yet more fodder for attackers' rainbow tables and login bots, Microsoft has decided to start blocking too-common passwords.

As a result, Azure Active Directory's 10 million or so users will no longer be able to select a password that's appeared too many times on breach lists, or commonly appears in attackers' login attempts.

The new regulation is already live in Microsoft Account Service and in private preview in Azure Active Directory, Redmond says in this TechNet post.

“What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work”, Alex Weinert writes.
Microsoft bans common passwords that appear in breach lists • The Register
 
Microsoft May Ban Your Favorite Password

Weak and commonly-used passwords are one of the main reasons online accounts can be easily compromised, but Microsoft is taking a step to better protect users by banning the use of such passwords across its services.

As data leaks have shown lately, people continue to use easy-to-guess passwords such as “123456” or “password” for their accounts, despite repeated warnings that this practice is incredibly risky. In March, security firm Rapid7 published the results of a year-long study and revealed that “x,” “Zz” and “St@rt123” are also highly preferred passwords.

Recently, a hacker offered to sell 167 million LinkedIn accounts, including 117 accounts with passwords, for only around $2,200 (5 bitcoins). The data, stolen in 2012, shows that “123456” was the most used password, occurring 753,305 times, which would be four times more than the next most common password, “linkedin,” at 172,523 occurrences.

Although the passwords were hashed, LinkedIn wasn’t salting them, meaning that many could be easily cracked, especially if they are weak passwords. Last month, 7 million Minecraft community “Lifeboat” accounts were impacted by a data leak that included weakly hashed passwords.
Microsoft May Ban Your Favorite Password | SecurityWeek.Com
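
As an added illustration that is not part of the original post or either quoted article, and not Microsoft's implementation: a minimal sketch of a set-password check that rejects passwords "near" a ban list. The ban list, the substitution table and the function names are assumptions constructed for this example.

```python
import re
import unicodedata
from typing import Optional

# Constructed sample ban list seeded with passwords named in the articles above.
# A real deployment would load a list built from breach corpora and observed
# login attempts; entries are stored lower-case with decorations removed.
BANNED = {"123456", "password", "linkedin", "start", "zz", "x"}

# Assumed character substitutions that users apply to dress up a weak root.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Trailing digits and punctuation such as "2012" or "!" appended to a common word.
TRAILING = re.compile(r"[\d\W_]+$")


def candidate_forms(password: str) -> set:
    """Return the normalised spellings that are compared against the ban list."""
    base = unicodedata.normalize("NFKC", password).casefold()
    stripped = TRAILING.sub("", base)
    forms = {base, stripped, base.translate(LEET), stripped.translate(LEET)}
    forms.discard("")  # an all-digit password strips down to nothing
    return forms


def banned_match(password: str) -> Optional[str]:
    """Return the banned entry this password reduces to, or None if allowed."""
    hits = candidate_forms(password) & BANNED
    return min(hits) if hits else None


def check_new_password(password: str) -> bool:
    """Gate for a password-change form: True means the password may be set."""
    return banned_match(password) is None
```

Returning the matched entry rather than a bare boolean lets the form tell the user which common root the password reduces to.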
 
