Recent research has shown that even though Microsoft is one of the world's IT leaders, its users still prefer easy-to-crack passwords, such as Pa$$w0rd1.
However, a Microsoft program manager stated that the Microsoft Account Service, which is used to log into properties such as OneDrive, Azure and Xbox Live, has already started to ban weak and common passwords during password changes and account creation.
Now, if anyone tries to choose ‘letmein’, ‘password’ or ‘12345678’, as many people usually do, a prompt will appear on the screen telling the user to try again. This feature will soon be added to Azure Active Directory, making it easier for enterprise customers who use the service to keep employees from taking security shortcuts as well.
Nevertheless, the statistics show that you can ‘avoid’ getting banned just by using a slightly modified password, such as ‘Pa$$w0rd1’. It works on Google accounts as well.
One of the top measures service providers use to improve password strength is to blacklist weak passwords at the platform level. But the aim of these actions is to fight online password cracking.
A famous example is the Romanian hacker Guccifer, who gained unauthorized access through online cracking to the e-mail accounts of a former member of the US Joint Chiefs, a former US cabinet member and the families of two former US presidents.
Therefore, experts expect the problem of online cracking to drop off with the blacklisting method, which is more efficient than prompting the user to change the password every three months. Plus, many organizations and companies still rely on this unsafe policy. But the limit of blacklisting is shown by the fact that the system still accepts ‘Pa$$w0rd1’ for Microsoft and Google accounts.
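The gap described above can be shown with a short added example (not code from Microsoft, Google or the original article): an exact-match blacklist accepts ‘Pa$$w0rd1’, while a check that normalizes the candidate first rejects it. The blacklist contents, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample blacklist using the passwords named in the article;
# a real deployment would load a far larger list of common passwords.
BANNED = {"password", "letmein", "12345678"}

# Assumed table of common character substitutions (illustrative, not exhaustive).
LEET = str.maketrans({"$": "s", "0": "o", "@": "a", "1": "i", "!": "i",
                      "3": "e", "4": "a", "5": "s", "7": "t"})

# Trailing digits and punctuation that users commonly append to a base word.
TRAILING = re.compile(r"[0-9!.?]+$")


def exact_match_banned(candidate: str) -> bool:
    """Naive check: only literal (case-insensitive) blacklist entries are refused."""
    return candidate.lower() in BANNED


def normalized_banned(candidate: str) -> bool:
    """Refuse the candidate if any normalized form of it is on the blacklist."""
    base = candidate.lower()
    trimmed = TRAILING.sub("", base)      # 'pa$$w0rd1' -> 'pa$$w0rd'
    forms = set()
    for form in (base, trimmed):
        if form:
            forms.add(form)
            forms.add(form.translate(LEET))   # 'pa$$w0rd' -> 'password'
    return any(form in BANNED for form in forms)


if __name__ == "__main__":
    for pw in ["password", "Pa$$w0rd1", "L3tme1n", "correct horse battery staple"]:
        print(f"{pw!r}: exact={exact_match_banned(pw)} "
              f"normalized={normalized_banned(pw)}")
```

Normalization narrows the gap but does not close it, since any fixed substitution table can miss a variant; it complements a large blacklist rather than replacing it.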
Another idea would be to educate people so that they understand they need to use stronger passwords to protect their accounts and prevent online cracking. In the worst-case scenario of a server breach that would grant the attacker the opportunity to launch an offline attack, ‘Pa$$w0rd1’ would be one of the first passwords to be cracked.
However, the problem of weak passwords is still very widespread as millions of public users still rely on them.