Skip to main content

Say goodbye to ‘12345’: Microsoft is banning your lame passwords

A user entering a password.
Some of us are very dumb when it comes to creating strong passwords, and Microsoft is sick of it. So much so that it’s banning certain passwords that it deems as too weak or easy to crack from being used at all.

Microsoft explained in a blog post that it was putting the data it had collected from millions of password leaks to good use in an attempt to help people come up with better passwords. Currently, it has rules about password length and the characters that have to be used, but it seems like it wants to take things a step further — creating a list of often-used passwords that you won’t be able to use anymore.

“When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common — we both analyze the passwords that are being used most commonly,” said Alex Weinert, group manager of the Azure AD Identity Protection team, in the blog post. “Bad guys use this data to inform their attacks — whether building a rainbow table or trying to brute force accounts by trying popular passwords against them. What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work.”

The list will be updated as time goes on and new password leaks occur, so as people start using different passwords that are still too easy to guess, those passwords will also be banned from use.

According to Microsoft, the feature has already been rolled out to Account Service — including Outlook, Xbox, OneDrive, and so on — and the feature will be expanded to Microsoft’s Azure AD login system in the near future. Of course, if you tend to already use strong passwords, you probably won’t notice any changes — but if you’re a user of weak passwords, you might finally have to start choosing stronger passwords. No more ‘password,’ or ‘12345.’

Editors' Recommendations