Microsoft bans most common passwords in attempt to keep its users safe

The site calls the feature ‘dynamic banning’ and it is supposed to solve the biggest problem with passwords

Andrew Griffin
Thursday 26 May 2016 15:17 BST
Comments
The National Cyber Crime Unit has revealed that some hackers are offering ‘cybercrime as a service’, and have created a marketplace where gangs can bid for targets to be attacked
The National Cyber Crime Unit has revealed that some hackers are offering ‘cybercrime as a service’, and have created a marketplace where gangs can bid for targets to be attacked (Reuters)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Microsoft is going to ban its customers' most-used passwords.

The company is going to start “dynamically banning” the passwords that people use to try and break into accounts, in an attempt to keep its users safe.

A huge and worrying proportion of people tend to use passwords from a relatively limited list – things like 123456, or the word password. Doing so makes it far easier for people to break into people’s accounts, and so Microsoft is going to stop people from using them.

The company made the announcement after the revelation that 117 million LinkedIn accounts had been made available for sale on the internet. It said that information can prove useful to those looking to protect accounts as well as for cyber criminals, since it provides a way of getting to know the passwords that are most used.

“When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common – we both analyze the passwords that are being used most commonly,” wrote Microsoft’s Alex Weinert. “Bad guys use this data to inform their attacks – whether building a rainbow table or trying to brute force accounts by trying popular passwords against them.

“What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work.”

Microsoft sees 10 million attacks on people’s accounts every day. That means that it can build a list of the passwords that people are trying on those accounts, and it can be “dynamically updated” so that it always has the most recently used passwords.

“We then use that list to prevent you from selecting a commonly used password or one that is similar,” writes Mr Weinert.

That should make it far harder for hackers and cybercriminals to break into accounts by simply guessing the password a person has used.

The proportion of people using easy to guess passwords has been repeatedly highlighted in reports showing the most-commonly used logins. Because of that and other security problems, some companies such as Google want to get rid of passwords entirely and use other, more secure options like biometric data.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in