When it comes to choosing passwords, many people tend to follow a very, very predictable route. Microsoft may have a solution to that though: it plans to create a dynamically updated list of predictable passwords that it won’t let you use if you try inputting them into one of its services.
In a blog post, Microsoft explains that it’s putting to use the insights it gleans from millions of leaked passwords in order to increase security. Rather than simply imposing rules about password length and complexity, it will use publicly available information to create a list of commonly used passwords, which it simply won’t allow you to use, no matter how hard you persist.
The list will be continually updated based on new leaks, so as people shift to using other common passwords, those passwords will also be placed onto the banned list. The goal is that one day, we will all be using strong passwords.
“Bad guys can use leaked data to inform their attacks – whether building a rainbow table or trying to brute force accounts by trying popular passwords against them. Our systems are designed to determine the risk associated with a specific login session. Using this, we can apply lockout semantics only to the folks who aren’t you. The only way you get locked out is if someone is guessing your passwords on your own machine or network.
“The most important thing to keep in mind when selecting a password is to choose one that is unique, and therefore hard to guess.”