Microsoft is banning easy-to-guess passwords, to protect users from themselves

May 27, 2016

This article is published in collaboration with Business Insider.

A hand is silhouetted in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. The Financial Times' website and Twitter feeds were hacked May 17, 2013, renewing questions about whether the popular social media service has done enough to tighten security as cyber-attacks on the news media intensify. The attack is the latest in which hackers commandeered the Twitter account of a prominent news organization to push their agenda. Twitter's 200 million users worldwide send out more than 400 million tweets a day, making it a potent distributor of news.

In response to a hacker releasing 117 million usernames and passwords, Microsoft is putting an end to insecure passwords.

Image: REUTERS/Pawel Kopczynski

Cadence Bambenek

Our Impact

What's the World Economic Forum doing to accelerate action on Cybersecurity?

The Big Picture

Explore and monitor how Cybersecurity is affecting economies, industries and global issues

Stay up to date:

Cybersecurity

In response to a hacker releasing 117 million usernames and passwords reportedly leaked from LinkedIn in 2012, Microsoft is changing the way it thinks about passwords. Or, rather, how they let us think about passwords.

Most digital accounts set password requirements, demanding certain length, special characters or capitalization for validity. But, according to research done by one of Microsoft’s program managers, humans tend to respond to these requirements in predictable ways, actually making them more easy to crack.

To counter this, Microsoft is taking advantage of the millions of leaked passwords to identify the most common ones and ban their use for future users.

Announced in a blog post, this dynamically updating list of bad passwords is Microsoft’s attempt to increase security, and protect users from their tendency to choose passwords like “123456.”

With every new password leak, the list will update to ban other terrible passwords that emerge.

The feature is already integrated into Microsoft Account Service, including Outlook, Xbox and OneDrive.

Unless an individual selects a terrible password, setting up a new account will remain the same. But if they do, the individual will then be asked to “choose a password that’s harder for people to guess.”

More from Business Insider:

http://uk.businessinsider.com/microsoft-bing-concierge-bot-revealed-2016-5

http://uk.businessinsider.com/microsoft-exec-ai-is-the-most-important-technology-that-anybody-on-the-planet-is-working-on-today-2016-5

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.