Microsoft explained in a blog post that it was putting the data it had collected from millions of password leaks to good use in an attempt to help people come up with better passwords. Currently, it has rules about password length and the characters that have to be used, but it seems like it wants to take things a step further — creating a list of often-used passwords that you won’t be able to use anymore.
“When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common — we both analyze the passwords that are being used most commonly,” said Alex Weinert, group manager of the Azure AD Identity Protection team, in the blog post. “Bad guys use this data to inform their attacks — whether building a rainbow table or trying to brute force accounts by trying popular passwords against them. What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work.”
The list will be updated as time goes on and new password leaks occur, so as people start using different passwords that are still too easy to guess, those passwords will also be banned from use.
According to Microsoft, the feature has already been rolled out to Account Service — including Outlook, Xbox, OneDrive, and so on — and the feature will be expanded to Microsoft’s Azure AD login system in the near future. Of course, if you tend to already use strong passwords, you probably won’t notice any changes — but if you’re a user of weak passwords, you might finally have to start choosing stronger passwords. No more ‘password,’ or ‘12345.’
Editors' Recommendations
- NordPass adds passkey support to banish your weak passwords
- Apple’s security trumps Microsoft and Twitter’s, say feds
- Microsoft is bringing ChatGPT to your browser, and you can test it out right now
- Using LastPass? You need to switch urgently, says security firm
- This critical macOS flaw may leave your Mac defenseless