Technology
Microsoft found 44 million accounts using breached passwords
Disclosure
Every product here is independently selected by Mashable journalists. If you buy something featured, we may earn an affiliate commission which helps support our work.
Follow @https://twitter.com/PCMag
PCMag.com is a leading authority on technology, delivering Labs-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.
Microsoft has discovered 44 million user accounts are using usernames and passwords that have been leaked through security breaches.
As ZDNet reports, the vulnerable account logins were discovered when Microsoft’s threat research team carried out a scan of all Microsoft accounts between January and March this year. The accounts were compared to a database of over three billion sets of leaked credentials and resulted in 44 million matches.
These accounts were spread between regular user accounts used by consumers (Microsoft Services Accounts) and enterprise accounts in the form of Microsoft Azure AD logins. In response, Microsoft explained, “For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side … On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced.”
Microsoft goes on to recommend that, “Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture. Our numbers show that 99.9% of identity attacks have been thwarted by turning on MFA.”
Picking a password is always a trade-off between what’s memorable and what’s strong, which is why using a password manager makes so much sense. But we have another problem: security breaches expose passwords and they shouldn’t be used by anyone.
While Microsoft did the right thing resetting the passwords on these account, it currently can’t stop a user selecting a new password that’s also been exposed as part of a past security breach. A positive next move would be to perform a check when a password is entered to see if it appears on a breach list, and if it is, to reject it and request the user pick something else.
This article originally published at PCMag
here
-
Entertainment6 days ago
‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
-
Entertainment7 days ago
Polling 101: Weighting, probability panels, recall votes, and reaching people by mail
-
Entertainment5 days ago
When will we have 2024 election results online?
-
Entertainment6 days ago
5 Dyson Supersonic dupes worth the hype in 2024
-
Entertainment4 days ago
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
-
Entertainment5 days ago
Social media drives toxic fandom. Is there a solution?
-
Entertainment4 days ago
Is ‘The Substance’ streaming? How to watch at home
-
Entertainment4 days ago
M4 MacBook Pro vs. M3 MacBook Pro: What are the differences?