Microsoft has taken password security to a new level and has decided to block passwords that are too common.
The password ‘12345678’ may seem an obvious one to avoid, but Microsoft will no longer allow passwords like ‘M!cr0$0ft’ either. In fact, all passwords that have appeared too many times on breach lists will be denied.
This new rule is already live on Microsoft Account Service and in private preview in Azure Active Directory. “What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work”, Alex Weinert from Microsoft writes.
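To show how a check can reject a password that is "anywhere near" a banned list, here is an added example (not Microsoft's code and not from the original article). The banned list, the character-substitution table and the one-edit tolerance are all assumptions made for illustration.

```python
# Constructed sample list; a real deployment would load a breach-derived list.
BANNED = {"password", "microsoft", "12345678", "qwerty", "letmein"}

# Assumed look-alike substitutions, chosen for this illustration only.
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "!": "i", "3": "e", "4": "a",
    "@": "a", "$": "s", "5": "s", "7": "t",
})


def normalize(password):
    """Lower-case the password and undo common look-alike substitutions."""
    return password.lower().translate(LOOKALIKES)


def within_one_edit(a, b):
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the single differing position; everything after it must match.
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def is_banned(password, banned=BANNED):
    """Reject a password whose normalized form is within one edit of a banned term."""
    candidate = normalize(password)
    # Banned terms go through the same normalization so digits compare consistently.
    return any(within_one_edit(candidate, normalize(term)) for term in banned)


if __name__ == "__main__":
    for pw in ["12345678", "M!cr0$0ft", "Passw0rd1", "correct horse battery staple"]:
        print(f"{pw!r}: {'rejected' if is_banned(pw) else 'accepted'}")
```

Matching on the normalized form is what catches ‘M!cr0$0ft’: after substitution it is the same string as a banned term, so the added symbols give no protection.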
Will password restrictions now begin to change?
Microsoft’s ID protection team explains that “People react in predictable ways when confronted with similar sets of restraints”, and that these restrictions are more damaging than they are helpful.
The old beliefs about password length and multiple-character requirements, for example, may soon be scrapped. These complex password combinations can actually make passwords less secure. It’s safe to say that we can expect either a reduction in password requirements (perhaps being replaced with face recognition) or new restrictions that will make password choices less predictable.
Earlier this month the UK government advised users against the common security practice of routinely changing passwords, as this can cause problems for users who (understandably) struggle to remember dozens of passwords a day. The UK government suggested that this constant change of password meant that users were much more likely to write their passwords down, lessening their security. The practice can also cause people to forget their passwords completely and have to request a change, using up both the time and resources of companies.
Here’s to a new, simpler and safer password future. If you require any help with your system security, please contact the SCS Technology team on 0800 9520652 and we’ll be happy to help.