Microsoft explained in a blog post that it was putting the data it had collected from millions of password leaks to good use in an attempt to help people come up with better passwords. Currently, it has rules about password length and the characters that have to be used, but it seems like it wants to take things a step further — creating a list of often-used passwords that you won’t be able to use anymore.
“When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common — we both analyze the passwords that are being used most commonly,” said Alex Weinert, group manager of the Azure AD Identity Protection team, in the blog post. “Bad guys use this data to inform their attacks — whether building a rainbow table or trying to brute force accounts by trying popular passwords against them. What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work.”
The list will be updated as time goes on and new password leaks occur, so as people start using different passwords that are still too easy to guess, those passwords will also be banned from use.
According to Microsoft, the feature has already been rolled out to Account Service — including Outlook, Xbox, OneDrive, and so on — and the feature will be expanded to Microsoft’s Azure AD login system in the near future. Of course, if you tend to already use strong passwords, you probably won’t notice any changes — but if you’re a user of weak passwords, you might finally have to start choosing stronger passwords. No more ‘password,’ or ‘12345.’
Editors' Recommendations
- Microsoft accidentally released 38TB of private data in a major leak
- This critical exploit could let hackers bypass your Mac’s defenses
- Hackers may have stolen the master key to another password manager
- AI can probably crack your password in seconds
- This Bing flaw let hackers change search results and steal your files
