Microsoft Pushes Use of Strong Passwords and Prohibits Simple Passwords Appearing on Banned List

In an effort to curtail data breaches and provide a more secure infrastructure for consumers, Microsoft is actively banning the use of simple passwords that appear in their banned password list. Additionally, the software firm is requiring users of their Microsoft Account and Microsoft Azure Active Directory to utilize unique and strong passwords.

After LinkedIn suffered a major blow with a data breach years ago that was recently brought to light, other companies are taking proactive measures to reduce the likelihood of attacks. Starting with the simple security aspects that companies like Microsoft can put in motion, the software firm is electing to ban the use of passwords that show up on their dynamically updated banned password list. Moreover, Microsoft is forcing its users to change their passwords to a strong one that cannot be easily guessed and potentially lead to password-guessing brute-force attacks.

While Microsoft isn't the only company that has implemented password changes to use ones that are considered to be strong and not easily guessed, they have rolled out the new strategies across most Microsoft accounts to avoid cyberattacks and data breaches primarily. Microsoft, at the start of this month, revealed how they have seen over ten million cyberattacks each day on its Microsoft Account and Azure Active Directory identity systems. With so many attacks focused on certain services that could significantly affect a large user base, Microsoft is deploying password changes with stringent criteria to accept new passwords. Within the criteria chosen by Microsoft to change user passwords, users are required to use a strong password, one that is 8-characters minimum and is case sensitive.

There are a few companies that maintain their own blacklist of items that help the information security sector prevent breaches and maintain and secure environment. Microsoft, for many years, has actively maintained a dynamically updated banned password list. Within the list, Microsoft includes passwords that are commonly used and ones that are easy to guess. Consumers, new and old, are not permitted to use any passwords stored in the banned password list, in addition to being forced to create a "strong" password.

In Microsoft's quest to have a more secure environment within its servers and user base, they will also utilize data gathered from the countless brute-force attacks on its servers. Using such data will help Microsoft better understand what type of attacks they need to block and what kind of password-guessing methods attackers are using. Armed with the proper data gathered from the attacks could add additional passwords to Microsoft's banned password list to further improve the security of consumer logins.

The last thing companies like Microsoft want is a major data breach where it overturns millions of its user account data to hackers or the highest bidder on the Dark Web. LinkedIn is a prime example in the case where as many as 167 million records from 2012 were allegedly spilled from a data breach of why others should enact measured to protect their consumer data. Simply put, taking action now while using additional resources up front is much better than suffering the backlash and backtracking after a major data breach even if it means making some consumer's a little annoyed with a prompted password change.