In a bid to boost users’ online security, Microsoft has decided to ban common passwords that are too basic and can be easily guessed by attackers. The company maintains a database of banned passwords that are insecure and commonly used, and users will be prevented from registering passwords that match or are similar to entries in that database.
Microsoft’s announcement comes against the backdrop of another leak scandal two weeks earlier, when 117 million LinkedIn email credentials were put up for sale on the black market.
Alex Weinert, Group Program Manager of Azure AD Identity Protection team, says,
“The most important thing to keep in mind when selecting a password is to choose one that is unique, and therefore hard to guess. We help you do this in the Microsoft Account and Azure AD system by dynamically banning commonly used passwords. When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common – we both analyze the passwords that are being used most commonly”.
How is Microsoft protecting passwords
Microsoft’s password protection mechanism is based on the following guidelines:
- Dynamically banning common passwords
- Smart password lockout
Dynamically banning common passwords
With more than 10 million accounts attacked daily, Microsoft will stop users from setting common passwords and will show them a red warning saying, “Choose a password that’s harder for people to guess.” This password-checking mechanism is already live on Microsoft accounts such as Outlook and Xbox Live, and is coming to Azure Active Directory shortly.
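The following is an added example, not Microsoft's implementation, of how a registration form can reject passwords that match or resemble entries on a banned list. The sample list, the substitution table and the padding rule are assumptions made for illustration; the article does not say how similarity is measured.

```python
import string
import unicodedata

# Constructed sample; a real list would be built from breach data and kept current.
BANNED_SAMPLE = {"password", "123456", "qwerty", "letmein", "welcome"}

# Assumed similarity rules: common character substitutions and padded ends.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
PADDING = string.digits + string.punctuation
WARNING = "Choose a password that’s harder for people to guess."


def fold(text):
    """Case-fold and Unicode-normalize so visually equal inputs compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def is_banned(candidate, banned=BANNED_SAMPLE):
    """True if the candidate matches a banned entry exactly or after normalization."""
    banned_keys = {fold(entry).translate(SUBSTITUTIONS) for entry in banned}
    folded = fold(candidate)
    variants = {folded.translate(SUBSTITUTIONS)}
    # Strip digits/symbols added at either end, e.g. "Password1" or "qwerty!!".
    core = folded.strip(PADDING)
    if len(core) >= 4:  # ignore cores too short to be meaningful
        variants.add(core.translate(SUBSTITUTIONS))
    return not variants.isdisjoint(banned_keys)


def check_new_password(candidate):
    """Return (accepted, message) for a registration or password-change form."""
    if is_banned(candidate):
        return False, WARNING
    return True, ""


if __name__ == "__main__":
    for pw in ["123456", "Password1", "P@ssw0rd2016!", "W3lcome", "vivid-otter-canal-42"]:
        print(repr(pw), check_new_password(pw))
```

Normalizing both the candidate and the list entries with the same function is what lets an all-digit entry such as `123456` still match after the substitution table is applied.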
Smart password lockout
Many attackers rely on password guessing to break into user accounts. To counter this, Microsoft’s security systems will detect attackers trying to guess the password online and will lock out the account.
Microsoft’s systems can identify the specific login sessions in which attackers are guessing passwords. Using this knowledge, the system applies lockout semantics to lock the user out.
Choosing the right password
Avoiding common passwords may not be enough on its own. To make it really tough for attackers to target your account, it is a good idea to use a mix of capital and lowercase letters, numbers and symbols.
It is necessary to create strong passwords that contain alphanumeric characters, special characters and a mix of upper and lower case. Even better, create passphrases using ASCII. A good free password manager or an online password manager will help you not only remember and securely store your passwords but also create strong passwords every time.