Microsoft Is Banning the Most Popular (and Least Secure) Passwords

Microsoft is cracking down on easily crackable credentials by banning simple passwords – which are, not by coincidence, also the most commonly used ones.

Earlier this week, a Microsoft program manager announced that commonly used passwords will be dynamically banned during account registration and during the password reset/change process. The ban on weak passwords is being introduced by the Microsoft Account service, which covers platforms such as Xbox Live, Outlook (Hotmail), OneDrive and Azure.

In other words, some of the most commonly used passwords including the likes of “password”, “123456”, “qwerty” and “football” are no longer accepted by Microsoft. Instead, users opting to use such passwords will be greeted with a prompt, asking them to try again with a more secure password.

The dynamic ban on weak passwords also covers Skype, Microsoft’s prominent VoIP software.

“When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common – we both analyze the passwords that are being used most commonly,” Microsoft explained in a blog post.


Microsoft is also in the process of adding the password-banning feature to Azure Active Directory, the cloud identity platform used by the software giant’s enterprise customers. This will let the service stop enterprise employees from lapsing into lax password practices as well.

A recent Security Intelligence Report from Microsoft revealed that the company’s security systems see over 10 million Microsoft accounts targeted and attacked every day.

Microsoft’s Alex Weinert, program manager of the Azure AD Identity Protection team, explains that the sheer daily volume of these attacks is what keeps the dynamic ban list current. He stated:

[Due to witnessing over 10 million accounts attacked daily] we have a lot of data about which passwords are in play in those attacks. We use this data to maintain a dynamically updated banned password list.

Microsoft’s security walkthrough for IT admins also lists several mandatory password measures, including:

  • Minimum password length requirements, which help against brute-force attacks.
  • Password “complexity” requirements, which are meant to make passwords harder to guess.
  • Regular, periodic password expiration, which forces users to change their passwords frequently, in the name of better security.
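To make the two mechanisms above concrete, here is an added example (not Microsoft’s code, and not the actual Microsoft Account implementation) of how a registration or password-change endpoint would apply a banned-password list together with the length, complexity and expiration measures listed for IT admins. The banned list is a constructed four-entry sample taken from the words the article names; the real list is far larger and is rebuilt from observed attack data. The minimum length of 8, the three-character-class rule, the 90-day expiration period and the substitution table are assumptions chosen for the example. The normalization step matters: a list that only matches exact strings is trivially bypassed by “Football2016” or “P@ssw0rd”, so the candidate is reduced to its base word before the lookup.

```python
import re
from datetime import date, timedelta

# Constructed sample of a banned list. The article names "password", "123456",
# "qwerty" and "football"; the real Microsoft list is far larger and is
# rebuilt from observed attack data, which this static set only stands in for.
BANNED_PASSWORDS = {"password", "123456", "qwerty", "football"}

# Common character substitutions users apply to a banned word (assumed table).
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 8                 # assumed minimum length for the example
MIN_CLASSES = 3                # assumed: at least 3 of lower/upper/digit/symbol
MAX_AGE = timedelta(days=90)   # assumed expiration period


def normalize(password: str) -> str:
    """Reduce a candidate to the base word it is built from: lower-case,
    drop a trailing run of digits/punctuation ("2016", "!"), then undo
    common leet substitutions."""
    p = password.lower()
    p = re.sub(r"[^a-z]+$", "", p)
    return p.translate(LEET_MAP)


def is_banned(password: str, banned=BANNED_PASSWORDS) -> bool:
    """True if the password, either raw or normalized, is on the banned list."""
    return password.lower() in banned or normalize(password) in banned


def complexity_classes(password: str) -> int:
    """Count the character classes present (lower, upper, digit, symbol)."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for pat in patterns if re.search(pat, password))


def evaluate_password(password: str) -> list:
    """Return the reasons a candidate is rejected; an empty list means accepted.
    This is the check a registration or password-change flow would run."""
    problems = []
    if is_banned(password):
        problems.append("commonly used password")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if complexity_classes(password) < MIN_CLASSES:
        problems.append(f"needs characters from at least {MIN_CLASSES} classes")
    return problems


def password_expired(last_changed: date, today: date = None) -> bool:
    """True if the password is older than MAX_AGE (periodic expiration check)."""
    today = today or date.today()
    return today - last_changed > MAX_AGE


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "Football2016", "Tr0ub4dor&3"):
        print(candidate, evaluate_password(candidate) or "accepted")
```

Note that “P@ssw0rd1!” satisfies the length and complexity rules yet is still rejected, which is the point of the banned list: complexity rules alone do not stop users from picking a predictable base word and decorating it. The expiration check is included because the article lists it among the measures; the rotation period is purely an assumed value.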

Image credit: Pixabay.