Microsoft is going to ban its customers' most-used passwords.
The company is going to start “dynamically banning” the passwords that people use to try and break into accounts, in an attempt to keep its users safe.
A huge and worrying proportion of people tend to use passwords from a relatively limited list – things like 123456, or the word password. Doing so makes it far easier for people to break into people’s accounts, and so Microsoft is going to stop people from using them.
The company made the announcement after the revelation that 117 million LinkedIn accounts had been made available for sale on the internet. It said that information can prove useful to those looking to protect accounts as well as for cyber criminals, since it provides a way of getting to know the passwords that are most used.
“When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common – we both analyze the passwords that are being used most commonly,” wrote Microsoft’s Alex Weinert. “Bad guys use this data to inform their attacks – whether building a rainbow table or trying to brute force accounts by trying popular passwords against them.
“What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work.”
Microsoft sees 10 million attacks on people’s accounts every day. That means that it can build a list of the passwords that people are trying on those accounts, and it can be “dynamically updated” so that it always has the most recently used passwords.
“We then use that list to prevent you from selecting a commonly used password or one that is similar,” writes Mr Weinert.
That should make it far harder for hackers and cybercriminals to break into accounts by simply guessing the password a person has used.
The proportion of people using easy to guess passwords has been repeatedly highlighted in reports showing the most-commonly used logins. Because of that and other security problems, some companies such as Google want to get rid of passwords entirely and use other, more secure options like biometric data.
Register for free to continue reading
Registration is a free and easy way to support our truly independent journalism
By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists
Already have an account? sign in
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies