Microsoft Warning: Avoid Reusing Passwords

Uploaded on 2019-12-18 in FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Many Microsoft customers are using log-ins that have previously been breached and this puts them and their organisation at risk of account takeover. Leaked passwords from data breaches can pose a serious threat if users reuse or slightly modify the passwords for other services, Microsoft has revealed.

With more and more online services getting breached, there is still a lack of large-scale quantitative understanding of the risks of password reuse and modification. 

In a study running from January to March 2019, Microsoft’s threat research team checked over three billion credentials known to have been stolen by hackers, using third-party sources such as law enforcement and public databases. It found a match for over 44 million Microsoft Services Accounts, used primarily by consumers, and Microsoft’s AzureAD accounts, which is more worrying for businesses. 

Microsoft has said, “For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced.....Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture.” Microsoft claimed that 99.9% of identity attacks can be mitigated by turning on MFA.

The advice is especially important in the context of ongoing credential stuffing attacks. An Akamai report earlier this year claimed that such attacks are costing the average EMEA firm on average $4 million annually in app downtime, lost customers and extra IT support.

Attacks have already struck far and wide this year, affecting many organisations.In analysis in 2018 it showed that 30 million users found that password reuse was common among over half (52%), while nearly a third (30%) of modified passwords were easy to crack within just 10 guesses.

A Google poll of 3000 computer users released earlier this year found that just a third (35%) use a different password for all accounts, and only a quarter (24%) use a password manager.

Akamai:          Microsoft:         Infosecurity:       Virginia Tech:

You Might Also Read:

Employee Training Is Vital For Commercial Cybersecurity:

Microsoft Say The IoT Is Under Attack:

 

« 2020 Cyber Attack Predictions
Ransom Attack Strikes New Orleans »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Security Current

Security Current

Security Current's proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.

NextLabs

NextLabs

NextLabs provides data-centric security software to protect business-critical data and applications.

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

BeOne Development

BeOne Development

BeOne Development provide innovative training and learning solutions for information security and compliance.

Assured Information Security (AIS)

Assured Information Security (AIS)

AIS is committed to providing our customers with critical information security products, services, and training. We support diverse needs throughout business and industry.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

KLC Consulting

KLC Consulting

KLC Consulting offers information assurance / Security, IT Audit, and Information Technology products and services to government and Fortune 1000 companies.

CyberSeek

CyberSeek

CyberSeek provides detailed, actionable data about supply and demand in the cybersecurity job market.

VKANSEE

VKANSEE

VKANSEE offer the world's thinnest optical fingerprint sensor for mobile device protection.

AlertEnterprise

AlertEnterprise

AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

CyberSec Hub - The Kosciuszko Institute

CyberSec Hub - The Kosciuszko Institute

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

Labs/02

Labs/02

Labs/02 is a seed-stage incubator with a mission to advance cutting-edge technology in innovative areas including AI, deep learning, autonomous transportation, and smart cities.

SimSpace

SimSpace

SimSpace is the visionary yet practical platform for measuring how your security system responds under actual, sustained attack.

Stratum Security

Stratum Security

Stratum Security is an information security consulting company that focuses on providing clear and concise risk guidance to its clients through high quality assessment services.

Dataships

Dataships

We help companies automate their privacy compliance while building healthy, transparent data relationships with their customers.