Microsoft recently conducted its own independent security audit for threat assessment, and the results were shocking. The Windows OS maker, which also offers several other cloud-based services, found that “millions” of users practice extremely poor password hygiene. In other words, a vast number of users reuse login credentials, making it extremely easy for hackers and malicious agencies to gain unauthorized entry through legitimate login techniques.
Microsoft performed a threat assessment of its services as well as of the users of these services between January and March of this year. The company claims it was shocked by the results of the private and internal security audit. While the multitude of Microsoft services is inherently secure and well protected, it is the users who seem to be careless about security and safety protocols with their data. According to the Microsoft threat research team, millions of users are carelessly reusing their passwords on Microsoft’s services.
Three Billion Microsoft Accounts Analyzed With Shocking Revelations About Password And Online Safety Protocols:
As an ongoing effort to strengthen the security of users as well as services that Microsoft offers, the company checked over 3 billion accounts and login credentials. Shockingly, 44 million Microsoft services and Azure AD accounts had identical or matching login credentials. This clearly indicates users were carelessly reusing their login credentials on multiple platforms.
What’s even more concerning is that Microsoft discovered that the credentials of a vast number of the 3 billion audited accounts had been leaked online. This has routinely prompted Microsoft to force a password reset to ensure the accounts were safeguarded from digital abuse. As a result, several users of Microsoft services have routinely received notifications and emails informing them that their login credentials have been reset. Under such circumstances, users are advised to follow a login procedure which involves confirming ownership of the accounts.
The other important aspect that Microsoft discovered was that 30 percent of the reused or modified passwords can be cracked within just 10 guesses. This allows hackers to deploy a breach replay attack. Simply put, once hackers are able to successfully gain unauthorized entry through legitimate login details, they try to use similar credentials to break into other accounts as well. With poor password hygiene, such attacks have a very high probability of success.
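A defender-side counterpart to the "reused or modified passwords" finding above, as an added example that is not Microsoft's code or part of the original article: a password-reset check that rejects a new password when it matches, or is a trivial variant of, a leaked one. The leaked list, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample standing in for a breach corpus (not real leaked data).
LEAKED = ["Summer2019", "dragon", "P@ssw0rd", "letmein!"]

# Assumed table of common character substitutions to undo before comparing.
_SUBSTITUTIONS = str.maketrans("@4310$57!", "aaeiossti")


def skeleton(password: str) -> str:
    """Reduce a password to the part users tend to keep when 'changing' it.

    Lowercases, strips leading/trailing digits and symbols (the usual place
    for a year, counter or '!'), then undoes the substitutions above.
    """
    lowered = password.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # An all-digit or all-symbol password has no letter core; keep it whole.
    return (core or lowered).translate(_SUBSTITUTIONS)


def build_index(leaked):
    """Precompute the skeletons of every leaked password once."""
    return {skeleton(p) for p in leaked}


def check_new_password(candidate, leaked=LEAKED, index=None) -> str:
    """Return 'reused', 'modified' or 'ok' for a proposed new password."""
    if index is None:
        index = build_index(leaked)
    if candidate in leaked:
        return "reused"      # exact match with a leaked password
    if skeleton(candidate) in index:
        return "modified"    # same base word with cosmetic changes
    return "ok"


if __name__ == "__main__":
    for pw in ["Summer2019", "Summer2020!", "Dr4gon99", "violet-kettle-orbit-47"]:
        print(f"{pw!r}: {check_new_password(pw)}")
```

A reset flow would refuse both the "reused" and "modified" results, since a password that differs from a leaked one only by a suffix or a character swap falls within the handful of guesses the article describes.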
How To Protect Online Accounts From Hacking Attempts?
The most essential aspect of online security is using unique login credentials for each platform. Even if Microsoft offers multiple services, it is critical that users enter a different password for each service. This significantly reduces the risk of a breach replay attack.
The other method, which must be used in conjunction with strong and unique passwords, is Two-Factor Authentication (2FA). Microsoft claims 99 percent of the attacks can be prevented by using Multi-Factor Authentication. Incidentally, Microsoft does offer users the ability to create unique usernames instead of relying on the email ID. This grants users yet another method to deter an attack.