Microsoft Warning: Avoid Reusing Passwords

Uploaded on 2019-12-18 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Many Microsoft customers are using log-ins that have previously been breached and this puts them and their organisation at risk of account takeover. Leaked passwords from data breaches can pose a serious threat if users reuse or slightly modify the passwords for other services, Microsoft has revealed.

With more and more online services getting breached, there is still a lack of large-scale quantitative understanding of the risks of password reuse and modification. 

In a study running from January to March 2019, Microsoft’s threat research team checked over three billion credentials known to have been stolen by hackers, using third-party sources such as law enforcement and public databases. It found a match for over 44 million Microsoft Services Accounts, used primarily by consumers, and Microsoft’s AzureAD accounts, which is more worrying for businesses. 

Microsoft has said, “For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced.....Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture.” Microsoft claimed that 99.9% of identity attacks can be mitigated by turning on MFA.

The advice is especially important in the context of ongoing credential stuffing attacks. An Akamai report earlier this year claimed that such attacks are costing the average EMEA firm on average $4 million annually in app downtime, lost customers and extra IT support.

Attacks have already struck far and wide this year, affecting many organisations.In analysis in 2018 it showed that 30 million users found that password reuse was common among over half (52%), while nearly a third (30%) of modified passwords were easy to crack within just 10 guesses.

A Google poll of 3000 computer users released earlier this year found that just a third (35%) use a different password for all accounts, and only a quarter (24%) use a password manager.

Akamai:          Microsoft:         Infosecurity:       Virginia Tech:

You Might Also Read:

Employee Training Is Vital For Commercial Cybersecurity:

Microsoft Say The IoT Is Under Attack:

 

« 2020 Cyber Attack Predictions
Ransom Attack Strikes New Orleans »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Skybox Security

Skybox Security

Skybox combines firewall and network device data with vulnerability and threat intelligence, putting security decisions in your unique network context.

CyberSec.sk

CyberSec.sk

CyberSec.sk is the Slovak portal bringing the latest cyber security news, politics, tips and instructions on how to protect the internet.

Blockchain Slovakia

Blockchain Slovakia

Blockchain Slovakia is a non-profit organization that brings together researchers, developers, entrepreneurs, regulators, investors and the public to support blockchain technology in Slovakia.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (formerly iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

Sothis

Sothis

Sothis is an information technology services company offering a range of solutions including cybersecurity, managed security services, information governance and compliance.

TruNarrative

TruNarrative

TruNarrative provides a unified solution for Identity Verification, Fraud Detection, eKYC, Risk Assessment, AML Compliance and Account Monitoring.

SafeLogic

SafeLogic

SafeLogic provides strong encryption products for solutions in mobile, server, Cloud, appliance, wearable, and IoT environments that are pursuing compliance to strict regulatory requirements.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

CYBER.ORG

CYBER.ORG

CYBER.ORG's goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow.

CYRISMA

CYRISMA

CYRISMA is a revolutionary cybersecurity platform that helps organizations manage risk without the usual headaches associated with enterprise cybersecurity tools.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Kiberna

Kiberna

Kiberna are a small but niche company specialising in data driven security to manage your cyber risks.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

Excite Cyber

Excite Cyber

Excite Technology Services (formerly Cipherpoint) is focused on improving the security posture of our customers.

Entitle

Entitle

Entitle's SaaS-based platform automates how permissions are managed, enabling organizations to eliminate bottlenecks and implement robust cloud least privilege access.