Microsoft has been researching the kinds of threat its users might be under. It has uncovered that a staggering number of people are using passwords that have previously been compromised in data breaches. The number is thought to be around 44 million. These include businesses, suggesting they are not adopting proper password protection, which will be worrying for their customers to hear.
Over 3 billion user credentials were checked from the database, which includes public databases but also data from law enforcement agencies.
What should users do?
Along with Microsoft, we recommend that people do not reuse login credentials for multiple services and, where possible, use a method of multi-factor authentication (MFA). MFA means that a user must take multiple steps to prove their identity before being able to access accounts or services.
Of the 30 million users studied by Microsoft, 52% used the same passwords with slight modifications. For example, instead of Password1 they may put Password2. 30% of passwords were found to be guessable within 10 attempts.
Microsoft has raised the character limit for Azure AD accounts to 256 from 16, which allows passwords to be significantly longer and makes it a lot harder to forcibly break into someone’s account. Using auto-generated passwords and a secure password manager to keep them safe in one place is the best way to reduce the risk of your accounts being compromised.
If you have any questions about how best to keep your accounts and login details secure, get in touch.