Microsoft Finally Bans Easy-Stupid Passwords
If you see the above Reset your password line when logging into your Microsoft account–and it tells you to “Choose a password that’s harder for people to guess”–it’s because Microsoft won’t let you use your dumbass password any more.
Earlier this week Microsoft turned on a new feature that dynamically updates a list of bad passwords, and will block users from trying to use them. From now on, you can forget about all those stupid passwords so many people stubbornly stick to, like 123456, password, 12345678, qwerty, 12345, 123456789, football, 1234567, dragon, and baseball.
These are the top 10 most common passwords used by people, as gleaned in part by 117 million LinkedIn accounts that were originally hacked in 2012 and leaked last week, and by the password attempts hackers use on various Microsoft accounts.
Alex Weinert from Microsoft’s Identity Protection Team says that Microsoft has been collecting all the password guesses used by hackers from the 10 million daily hacking attempts they see.
“We analyse the passwords that are being used most commonly. Bad guys use this data to inform their attacks,” he explains. “What *we* do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work.”
This seems to be a smarter password system than others that only force people to use longer complex character strings with caps, numbers and extended characters. Apparently, many people tend to respond in predictable ways, like 123Pa$$worD.
By continuing to analyze the password guesses hackers actually attempt, Microsoft will keep adding to their “dynamic list” of disallowed passwords. They’ve also implemented a “smart password lockout” system that only locks out suspected hackers, not the entire account. If you login from your usual device or network you shouldn’t have any problems.
So from now on when logging into your Microsoft, Outlook, Xbox, OneDrive or Azure account, you can feel safer knowing that good old Microsoft is watching your back–and protecting the rest of us from our own stupidity.
Extra: This might be a good time to review our “Netcotech’s Top Four IT Tips for Password Security” we published in April this year.