Microsoft to ban common passwords

In a bid to boost users’ online security, Microsoft has decided to ban common passwords that are too basic and can be easily guessed by attackers. The company maintains a database of banned passwords that are insecure and commonly used, and users will be prevented from registering passwords that match or are similar to entries in that database.

Microsoft’s announcement comes against the backdrop of another leak scandal 2 weeks earlier, when 117 million LinkedIn email credentials were put up for sale on the black market.

Alex Weinert, Group Program Manager of Azure AD Identity Protection team, says,

“The most important thing to keep in mind when selecting a password is to choose one that is unique, and therefore hard to guess. We help you do this in the Microsoft Account and Azure AD system by dynamically banning commonly used passwords. When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common – we both analyze the passwords that are being used most commonly.”

How is Microsoft protecting passwords

Microsoft’s password protection mechanism is based on the following guidelines:

  • Dynamically banning common passwords
  • Smart password lockout

Dynamically banning common passwords

With more than 10 million accounts attacked daily, Microsoft will prevent users from setting common passwords and will show them a red warning saying, “Choose a password that’s harder for people to guess.” This password-checking mechanism is already live on Microsoft accounts such as Outlook and Xbox Live, and is coming to Azure Active Directory shortly.
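A check of this kind, rejecting a new password that matches or resembles a banned entry, can be sketched as follows. This is an added example, not Microsoft's implementation: the banned list is constructed sample data, and the substitution table, trailing-character stripping and edit-distance threshold of 1 are assumptions chosen for illustration.

```python
import re

# Constructed sample list; a real deployment would load a maintained database.
BANNED = {"password", "123456", "qwerty", "letmein", "welcome"}

# Assumed substitution table: undo common look-alike characters before comparing.
LEET = str.maketrans("@4031$57", "aaoeisst")


def variants(pw):
    """Return the normalized forms of pw that are compared against the list."""
    low = pw.lower()
    # Drop trailing digits/symbols, e.g. "password2016!" -> "password".
    core = re.sub(r"[^a-z]+$", "", low)
    forms = [low, core, low.translate(LEET), core.translate(LEET)]
    # De-duplicate while keeping order, and skip empty forms.
    return [f for f in dict.fromkeys(forms) if f]


def edit_distance(a, b):
    """Levenshtein distance between a and b (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_password(pw, max_distance=1):
    """Return the banned entry pw matches or resembles, or None if accepted."""
    for form in variants(pw):
        for banned in sorted(BANNED):
            if edit_distance(form, banned) <= max_distance:
                return banned
    return None


if __name__ == "__main__":
    for candidate in ["P@ssw0rd", "Password2016!", "Qwertz", "correct horse battery staple"]:
        hit = check_password(candidate)
        print(f"{candidate!r}: {'rejected, resembles ' + hit if hit else 'accepted'}")
```
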



Smart password lockout

Many attackers use password guessing to break into user accounts. To counter this, Microsoft’s security systems detect the bad guys trying to guess the password online and lock out the account.

Microsoft systems can identify the specific login sessions in which attackers are guessing passwords. Using this knowledge, the system will apply lockout semantics to lock the user.

Choosing the right password

Avoiding common passwords may not be enough. To make it really tough for attackers to target your account, it is a good idea to use a mix of capital and lowercase letters, numbers and symbols.

It is necessary to create strong passwords that contain alphanumeric characters, special characters and a mix of upper and lower case. Even better if you create passphrases using ASCII. You can use a good free password manager or an online password manager, which will help you not only remember and securely store your passwords but also create strong passwords every time.

Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.
