When it comes to choosing passwords, many people tend to follow a very, very predictable route. Microsoft may have a solution to that though: it plans to create a dynamically updated list of predictable passwords that it won’t let you use if you try inputting them into one of its services.

In a blog post, Microsoft explains that it’s putting to use the insights it gleans from millions of leaked passwords in order to increase security. Rather than simply imposing rules about password length and complexity, it will use publicly available information to create a list of commonly used passwords, which it simply won’t allow you to use, no matter how hard you persist.

The list will be continually updated based on new leaks, so as people shift to using other common passwords, they’ll also be placed onto the banned list. The goal is that one day, we will all be using strong passwords.
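The mechanism described above (a ban list derived from leaked passwords and rebuilt as new leaks arrive) can be sketched as follows. This is an added example, not Microsoft's code: the class name, the frequency threshold, the size cap, the case-insensitive matching and the sample leaks are all assumptions made for illustration.

```python
from collections import Counter


class BannedPasswordList:
    """Frequency-ranked ban list, rebuilt every time a new leak is ingested."""

    def __init__(self, min_count=2, max_size=10_000):
        self.min_count = min_count  # assumed threshold: times seen across leaks
        self.max_size = max_size    # assumed cap on the size of the ban list
        self._counts = Counter()
        self.banned = frozenset()

    @staticmethod
    def normalize(password):
        # Assumption: match case-insensitively and ignore surrounding whitespace,
        # so "Password" and "password" count as the same choice.
        return password.strip().casefold()

    def ingest_leak(self, leaked_passwords):
        """Merge a newly published leak and rebuild the ban list from all counts."""
        self._counts.update(self.normalize(p) for p in leaked_passwords)
        top = self._counts.most_common(self.max_size)
        self.banned = frozenset(p for p, n in top if n >= self.min_count)
        return len(self.banned)

    def check(self, candidate):
        """Return (accepted, reason) for a password a user is trying to set."""
        if self.normalize(candidate) in self.banned:
            return False, "password is on the common-password ban list"
        return True, "ok"


# Constructed sample data standing in for two successive public leaks.
LEAK_A = ["123456", "password", "123456", "Password",
          "qwerty", "tr0ub4dor&3", "qwerty", "123456"]
LEAK_B = ["Summer2016!", "summer2016!", "123456", "summer2016!", "dragon"]


def demo():
    bl = BannedPasswordList(min_count=2)
    bl.ingest_leak(LEAK_A)
    accepted_before = bl.check("Summer2016!")[0]  # not yet common in any leak
    bl.ingest_leak(LEAK_B)
    accepted_after = bl.check("Summer2016!")[0]   # common now, so rejected
    return accepted_before, accepted_after, sorted(bl.banned)


if __name__ == "__main__":
    print(demo())
```

The second call shows the "dynamic" part: a password that was acceptable before the second leak is refused once it becomes a popular choice, with no change to any length or complexity rule.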

The company claims to have already rolled out the feature to Microsoft Account Service (which covers Outlook, Xbox, OneDrive and the like), and will also add the feature to accounts that use its Azure AD login system. You won’t notice a huge difference until you input a password it deems to be weak, at which point you’ll be prompted to enter a password that is a lot harder to crack.

The Active Directory team added: “With leaks happening almost weekly now, what can a person do to protect themselves? Or if you are an IT admin, what can you do to protect your users? Based on the latest research, there are some straightforward, concrete steps you can take as a user or as an administrator to help protect your accounts.

“Bad guys can use leaked data to inform their attacks – whether building a rainbow table or trying to brute force accounts by trying popular passwords against them. Our systems are designed to determine the risk associated with a specific login session. Using this, we can apply lockout semantics only to the folks who aren’t you. The only way you get locked out is if someone is guessing your passwords on your own machine or network.

“The most important thing to keep in mind when selecting a password is to choose one that is unique, and therefore hard to guess.”
