Microsoft Warning: Avoid Reusing Passwords

Uploaded on 2019-12-18 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Many Microsoft customers are using log-ins that have previously been breached and this puts them and their organisation at risk of account takeover. Leaked passwords from data breaches can pose a serious threat if users reuse or slightly modify the passwords for other services, Microsoft has revealed.

With more and more online services getting breached, there is still a lack of large-scale quantitative understanding of the risks of password reuse and modification. 

In a study running from January to March 2019, Microsoft’s threat research team checked over three billion credentials known to have been stolen by hackers, using third-party sources such as law enforcement and public databases. It found a match for over 44 million Microsoft Services Accounts, used primarily by consumers, and Microsoft’s AzureAD accounts, which is more worrying for businesses. 

Microsoft has said, “For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced.....Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture.” Microsoft claimed that 99.9% of identity attacks can be mitigated by turning on MFA.

The advice is especially important in the context of ongoing credential stuffing attacks. An Akamai report earlier this year claimed that such attacks are costing the average EMEA firm on average $4 million annually in app downtime, lost customers and extra IT support.

Attacks have already struck far and wide this year, affecting many organisations.In analysis in 2018 it showed that 30 million users found that password reuse was common among over half (52%), while nearly a third (30%) of modified passwords were easy to crack within just 10 guesses.

A Google poll of 3000 computer users released earlier this year found that just a third (35%) use a different password for all accounts, and only a quarter (24%) use a password manager.

Akamai:          Microsoft:         Infosecurity:       Virginia Tech:

You Might Also Read:

Employee Training Is Vital For Commercial Cybersecurity:

Microsoft Say The IoT Is Under Attack:

 

« 2020 Cyber Attack Predictions
Ransom Attack Strikes New Orleans »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Centre for Secure Information Technologies (CSIT)

Centre for Secure Information Technologies (CSIT)

CSIT is a UK Innovation and Knowledge Centre (IKC) for secure information technologies. Our vision is to be a global innovation hub for cyber security.

Digital DNA

Digital DNA

Digital DNA provides Law-Enforcement-Grade Computer Forensics, Cyber Security and E-Discovery Investigations.

SecureDevice

SecureDevice

SecureDevice is a Danish IT Security company.

Verint Systems

Verint Systems

Verint is a leader in Actionable Intelligence with a focus on customer engagement optimisation, security intelligence, fraud, risk and compliance.

Viavi Solutions

Viavi Solutions

Viavi Solutions is a global leader in both network and service enablement and optical security performance products and solutions.

Cyber Security Specialists

Cyber Security Specialists

Cyber Security Specialists Limited provide Security services across a wide range of markets, from multi-national Corporate Organisations and Government Agencies, through to smaller Businesses.

GOVCERT.lu

GOVCERT.lu

GOVCERT.lu is responsible for the treatment of all computer related incidents jeopardising the information systems of the government and defined critical infrastructure operators in Luxembourg.

Granted Consultancy

Granted Consultancy

Granted Consultancy is a business consultancy that specialises in securing funding to support companies with the development and commercialisation of new and innovative products and technologies.

Elpha Secure

Elpha Secure

Elpha Secure provides a comprehensive cybersecurity solution, combining technology and insurance to protect against cyber threats.

Help AG

Help AG

Help AG provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security solutions and services.

Noname Security

Noname Security

Noname Security detects and resolves API vulnerabilities and misconfigurations before they are exploited.

OptimEyes.ai

OptimEyes.ai

OptimEyes.ai is a unique AI-powered, on-demand SaaS solution for cyber-security, data privacy and compliance risk modeling.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

Corona IT Solutions

Corona IT Solutions

At Corona IT Solutions, our team of specialists in networking, wireless and VoIP are dedicated to providing proactive monitoring and management of your IT systems.

Offensive Security Manager (OSM)

Offensive Security Manager (OSM)

Offensive Security Manager is the ultimate AI software that will enforce offensive security automation, orchestration, coverage, ensure quality, and lets you manage whole process.