Microsoft Is Banning Easy-to-Remember Passwords – Fortune

You know those really simple, easy-to-remember passwords you use that help you log into apps? Well, Microsoft is banning them from some of its services.

Microsoft is banning simple and regularly used passwords across the company’s many platforms, including Office, Xbox, and Skype, among others. In a blog post this week and earlier reported on by Mashable, Microsoft said that users will now need to use passwords with eight characters, and that it will evaluate the desired password against common passwords that are typically targeted by hackers. The service will also be available on Microsoft’s cloud-based Azure service.

“When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common—we both analyze the passwords that are being used most commonly,” Microsoft group program manager Alex Weinert said in a blog post. “Bad guys use this data to inform their attacks…What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work.”

Microsoft is determining which passwords should be banned by culling data from attacks on its own users. The company said that it continually monitors those attacks, evaluates the passwords used, and maintains a “dynamically updated banned password list.”

Earlier this year, security firm SplashData, which releases its list of the worst passwords each year, found that in 2015, Internet users were rather sloppy with their passwords. In fact, the company found that “123456” was the most commonly used password on the Internet, followed by “password.” The list also included items like “starwars” and “qwerty.” The data comes from more than two million leaked passwords it recovered last year and suggests users aren’t taking password security as seriously as they should.

The threats to passwords are real. Just last week, a hacker was offering a list of 117 million usernames and passwords the person allegedly obtained from LinkedIn. It was the latest in a string of password hacks that have prompted companies both big and small to think up new ways to safeguard accounts. Those efforts range from requiring stronger passwords to using two-factor authentication, which asks a user to both input a password and a code he or she would receive on another device.

Despite those efforts, there are no signs of hacking attempts ending anytime soon. In fact, Microsoft says that 10 million of its users’ accounts are attacked each day.

Microsoft’s attempts at keeping user data safe won’t necessarily be the panacea the company (and perhaps its users) is seeking. While Microsoft will try to compare passwords against a list to minimize the chances of regularly used credentials being used, that doesn’t mean hackers can’t find other ways to attack and steal data.

In the security world, it’s a game of cat and mouse. And Microsoft is trying to ban passwords to gain an upper hand in that game.
