Microsoft Warning: Avoid Reusing Passwords

Many Microsoft customers are using log-ins that have previously been breached, which puts them and their organisations at risk of account takeover. Leaked passwords from data breaches can pose a serious threat if users reuse or slightly modify the passwords for other services, Microsoft has revealed.

With more and more online services getting breached, there is still a lack of large-scale quantitative understanding of the risks of password reuse and modification. 

In a study running from January to March 2019, Microsoft’s threat research team checked over three billion credentials known to have been stolen by hackers, using third-party sources such as law enforcement and public databases. It found a match for over 44 million Microsoft Services Accounts, used primarily by consumers, and Microsoft’s AzureAD accounts, which is more worrying for businesses. 

Microsoft has said, “For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced. ... Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture.” Microsoft claimed that 99.9% of identity attacks can be mitigated by turning on MFA.

The advice is especially important in the context of ongoing credential stuffing attacks. An Akamai report earlier this year claimed that such attacks are costing the average EMEA firm $4 million annually in app downtime, lost customers and extra IT support.

Attacks have already struck far and wide this year, affecting many organisations. An analysis in 2018 of 30 million users found that password reuse was common among over half (52%), while nearly a third (30%) of modified passwords were easy to crack within just 10 guesses.

A Google poll of 3000 computer users released earlier this year found that just a third (35%) use a different password for all accounts, and only a quarter (24%) use a password manager.

Sources: Akamai, Microsoft, Infosecurity, Virginia Tech
