In the wake of last week's LinkedIn hack, in which 117 million user credentials were leaked, Microsoft has declared it is tightening password security by forbidding easy passwords.
The LinkedIn data revealed that the most popular passwords people used were "123456" and "linkedin," while previous research has shown that "password", "qwerty" and "football" are also among the top 10 passwords used.
According to Alex Weinert from Microsoft's Identity Protection Team, Microsoft has been collecting all the passwords guessed by hackers and fends off attacks on 10 million accounts on a daily basis. "We analyse the passwords that are being used most commonly. Bad guys use this data to inform their attacks," he wrote. "What *we* do with the data is to prevent you from having a password anywhere near the current attack list, so those attacks won’t work."
The service, which will work on Microsoft Accounts including Outlook email and the Azure AD cloud directory, will then prevent you from using the most commonly used passwords, so you are less likely to get hacked.
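As an added illustration of what rejecting a password "anywhere near" an attack list can look like (this is not Microsoft's implementation, which the article does not describe): the banned entries are the common passwords named above, while the character substitutions and the one-edit threshold are assumptions made for this example.

```python
# Added example, not Microsoft's code. Banned entries are the common
# passwords named in the article; everything else is an assumption.
BANNED = {"123456", "linkedin", "password", "qwerty", "football"}

# Assumed look-alike substitutions to undo before comparing.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def near_banned(candidate, max_distance=1):
    """Return the banned entry the candidate is too close to, or None."""
    lowered = candidate.lower()
    # Compare the password as typed and with look-alike characters undone,
    # so that both "123456" and "P4ssw0rd" are caught.
    forms = {lowered, lowered.translate(LEET)}
    for form in forms:
        for banned in sorted(BANNED):
            if edit_distance(form, banned) <= max_distance:
                return banned
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["123456", "P4ssw0rd", "linkedin1", "Qwerty!", "Iaa7-ftmg"]:
        hit = near_banned(pw)
        print(f"{pw!r}: " + (f"rejected (too close to {hit!r})" if hit else "accepted"))
```

A check like this only covers the listed entries and their near variants; a password that passes it is not necessarily strong.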
The company is also implementing a "smart password lockout" system that only locks out hackers, rather than the entire account. Microsoft can determine the risk associated with a specific login session (where the person is logging in from and what network they are using) so it can lock out alleged intruders, but you can still log in if you are doing so from your own device on an internet network you have used before.
These days, passwords are commonly regarded as a broken form of security for our online lives. According to Weinert, password length requirements and regular password expiration (like when your office network compels you to frequently change your password) are all fallacies that actually make your password easier to crack.
One of the easiest ways to access someone's online account is to guess a password, and hacking software tends to try the most common ones first.
HOW TO | Pick a password
• Don't re-use passwords. One ultra-secure one won't be any good if someone finds it
• While combining upper and lower case letters with numbers to alter a memorable word - M4raD0na - is often advised, these are more easily cracked than you might think
• Good advice is to make a memorable, unusual sentence: "I am a 7-foot tall metal giant" is better than "My name is John", and use the first letter of each word with punctuation: "Iaa7-ftmg"
• Alternatively, you can use a password manager such as 1Password, which can generate secure passwords and store them online
• The best way to protect yourself is to use two-factor authentication, which will send a text with a code or use an app to verify your log-in