Most of us (and you know who you are) are not very good at creating robust, secure passwords. If you’ve ever used your significant other’s birthday, your birthday, the word “password,” or the numbers “123456,” then you’re not alone. Millions of other people do too, and Microsoft is taking steps to make passwords safer by banning some of the most commonly used bad ones. While they may not know your birthday, they do have access to data on millions of leaked passwords, and using that data, they’ve compiled a list of particularly weak ones that can no longer be set on any Microsoft product.
Hackers use much of the same data to build tables that assist their attacks, so Microsoft is essentially taking a page from the hackers’ own playbook and trying to use it against them. By preventing the use of any passwords currently on the hackers’ “hot list,” they hope to make all their products more secure. Note that this “banned weak password list” is in addition to the minimum length and character requirements already in place on Microsoft products. You won’t see any outward difference in the appearance or functionality of these applications, but if you try to set a password that is on the list, you’ll simply be prompted to try again.
A bit heavy-handed? Perhaps, but it is an effective way to help users help themselves and bolster the overall level of security online. The banned list is already in place and currently being used on Outlook, Xbox and Xbox Live, OneDrive and a variety of other services, and will soon be expanded to include Microsoft’s Azure AD login system. Other companies will probably adopt a similar posture in the months ahead, or, as Google is doing with their Android OS, move away from passwords entirely and adopt the “Trust API” methodology.
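The layered check described above, as an added example that is not part of the original article and is not Microsoft's implementation: a banned list is built from the most frequent entries in leaked-password data and applied on top of the length and character rules. The sample data, `MIN_LENGTH`, the letter-plus-digit rule, the case-insensitive match and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample of leaked-password observations (not real breach data).
LEAKED_SAMPLE = [
    "123456", "password", "123456", "qwerty", "Password1!", "123456",
    "password", "letmein", "Password1!", "qwerty", "zx9$Lm!4vQ", "password",
]

MIN_LENGTH = 8  # assumed policy value for this example


def build_banned_list(leaked, top_n):
    """Return the top_n most frequently leaked passwords, case-folded."""
    counts = Counter(p.casefold() for p in leaked)
    return {pw for pw, _ in counts.most_common(top_n)}


def has_required_classes(password):
    """Assumed character rule: at least one letter and one digit."""
    return (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))


def check_new_password(password, banned):
    """Return (accepted, reason) for a password-set attempt.

    The banned-list lookup runs in addition to the length and character
    rules, so a password that satisfies both can still be refused.
    """
    if len(password) < MIN_LENGTH:
        return False, "too short"
    if not has_required_classes(password):
        return False, "missing required character types"
    # Assumption: compare case-insensitively so "PASSWORD1!" is caught too.
    if password.casefold() in banned:
        return False, "on banned weak-password list"
    return True, "ok"


if __name__ == "__main__":
    banned = build_banned_list(LEAKED_SAMPLE, top_n=4)
    for candidate in ["123456", "Password1!", "PASSWORD1!", "zx9$Lm!4vQ"]:
        print(candidate, check_new_password(candidate, banned))
```

`Password1!` satisfies the length and character rules yet is refused because it is among the most frequently leaked values, which is the gap the banned list closes.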