Skip to main content

Say goodbye to ‘12345’: Microsoft is banning your lame passwords

A user entering a password.
Image used with permission by copyright holder
Some of us are very dumb when it comes to creating strong passwords, and Microsoft is sick of it. So much so that it’s banning certain passwords that it deems as too weak or easy to crack from being used at all.

Microsoft explained in a blog post that it was putting the data it had collected from millions of password leaks to good use in an attempt to help people come up with better passwords. Currently, it has rules about password length and the characters that have to be used, but it seems like it wants to take things a step further — creating a list of often-used passwords that you won’t be able to use anymore.

“When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common — we both analyze the passwords that are being used most commonly,” said Alex Weinert, group manager of the Azure AD Identity Protection team, in the blog post. “Bad guys use this data to inform their attacks — whether building a rainbow table or trying to brute force accounts by trying popular passwords against them. What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work.”

The list will be updated as time goes on and new password leaks occur, so as people start using different passwords that are still too easy to guess, those passwords will also be banned from use.

According to Microsoft, the feature has already been rolled out to Account Service — including Outlook, Xbox, OneDrive, and so on — and the feature will be expanded to Microsoft’s Azure AD login system in the near future. Of course, if you tend to already use strong passwords, you probably won’t notice any changes — but if you’re a user of weak passwords, you might finally have to start choosing stronger passwords. No more ‘password,’ or ‘12345.’

Editors' Recommendations

Christian de Looper
Christian’s interest in technology began as a child in Australia, when he stumbled upon a computer at a garage sale that he…
NordPass adds passkey support to banish your weak passwords
password manager lifestyle image

Weak passwords can put your online accounts at risk, but password manager NordPass thinks it has the solution. The app has just added support for passkeys, giving you a far more secure way to keep all your important logins safe and sound.

Instead of a vulnerable password, passkeys work by using your biometric data as your login ‘fingerprint.’ For example, you could use the Touch ID button on a Mac or a facial recognition scanner on your smartphone to log in to your account. No typing required.

Read more
If you use this free password manager, your passwords might be at risk
Office computer with login asking for password and username.

Researchers have just found a flaw within Bitwarden, a popular password manager. If exploited, the bug could give hackers access to login credentials, compromising various accounts.

The flaw within Bitwarden was spotted by Flashpoint, a security analysis firm. While the issue hasn't received much -- or any -- coverage in the past, it appears that Bitwarden was aware of it all along. Here's how it works.

Read more
Apple’s security trumps Microsoft and Twitter’s, say feds
Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC.

In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note.

Read more