Microsoft is banning easy-to-guess passwords, to protect users from themselves

In response to a hacker releasing 117 million usernames and passwords, Microsoft is putting an end to insecure passwords. Image: REUTERS/Pawel Kopczynski

Cadence Bambenek

In response to a hacker releasing 117 million usernames and passwords reportedly leaked from LinkedIn in 2012, Microsoft is changing the way it thinks about passwords. Or, rather, how it lets us think about passwords.

Most digital accounts set password requirements, demanding a certain length, special characters or capitalization for validity. But, according to research done by one of Microsoft’s program managers, humans tend to respond to these requirements in predictable ways, actually making their passwords easier to crack.

To counter this, Microsoft is taking advantage of the millions of leaked passwords to identify the most common ones and ban their use for future users.

Announced in a blog post, this dynamically updating list of bad passwords is Microsoft’s attempt to increase security, and protect users from their tendency to choose passwords like “123456.”

With every new password leak, the list will update to ban other terrible passwords that emerge.

The feature is already integrated into Microsoft Account Service, including Outlook, Xbox and OneDrive.

Unless an individual selects a terrible password, setting up a new account will remain the same. But if they do, the individual will then be asked to “choose a password that’s harder for people to guess.”
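
The following sketch is an added illustration, not Microsoft's code and not part of the original article. It shows why a banned list built from leaked passwords catches choices that composition rules accept, and how a new leak extends the list. The leak data is constructed, and the frequency threshold, case-insensitive matching and all names are assumptions.

```python
import re
from collections import Counter

# Constructed sample "leaks" (not real breach data).
LEAK_A = ["123456", "password", "123456", "linkedin", "Password1!",
          "123456", "password", "Password1!", "tr0ub4dor&3"]
LEAK_B = ["qwerty", "Summer2016!", "qwerty", "Summer2016!",
          "Summer2016!", "123456"]

# Prompt wording quoted in the article.
REJECT_MESSAGE = "choose a password that's harder for people to guess"


def meets_composition_rules(pw):
    """Classic policy: 8+ chars with upper, lower, digit and special."""
    patterns = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 8 and all(re.search(p, pw) for p in patterns)


class BannedPasswordList:
    """Bans any password seen at least min_count times across leaks."""

    def __init__(self, min_count=2):  # threshold is an assumption
        self.min_count = min_count
        self.counts = Counter()
        self.banned = set()

    def ingest_leak(self, passwords):
        # Case-insensitive counting is an assumption of this sketch.
        self.counts.update(p.lower() for p in passwords)
        self.banned = {p for p, n in self.counts.items()
                       if n >= self.min_count}

    def is_banned(self, candidate):
        return candidate.lower() in self.banned


def check_new_password(pw, banned_list):
    """Return None if accepted, else the rejection prompt."""
    return REJECT_MESSAGE if banned_list.is_banned(pw) else None


if __name__ == "__main__":
    bl = BannedPasswordList()
    bl.ingest_leak(LEAK_A)
    for pw in ("Password1!", "Summer2016!"):
        print(pw, meets_composition_rules(pw), check_new_password(pw, bl))
    bl.ingest_leak(LEAK_B)  # a new leak extends the ban list
    print("Summer2016!", check_new_password("Summer2016!", bl))
```
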

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.
