Microsoft Warning: Avoid Reusing Passwords

Many Microsoft customers are using log-ins that have previously been breached and this puts them and their organisation at risk of account takeover. Leaked passwords from data breaches can pose a serious threat if users reuse or slightly modify the passwords for other services, Microsoft has revealed.

With more and more online services getting breached, there is still a lack of large-scale quantitative understanding of the risks of password reuse and modification. 

In a study running from January to March 2019, Microsoft’s threat research team checked over three billion credentials known to have been stolen by hackers, using third-party sources such as law enforcement and public databases. It found a match for over 44 million Microsoft Services Accounts, used primarily by consumers, and Microsoft’s AzureAD accounts, which is more worrying for businesses. 

Microsoft has said, “For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced... Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture.” Microsoft claimed that 99.9% of identity attacks can be mitigated by turning on MFA.

The advice is especially important in the context of ongoing credential stuffing attacks. An Akamai report earlier this year claimed that such attacks are costing the average EMEA firm $4 million annually in app downtime, lost customers and extra IT support.

Attacks have already struck far and wide this year, affecting many organisations. An analysis in 2018 of 30 million users found that password reuse was common among over half (52%), while nearly a third (30%) of modified passwords were easy to crack within just 10 guesses.

A Google poll of 3000 computer users released earlier this year found that just a third (35%) use a different password for all accounts, and only a quarter (24%) use a password manager.

Sources: Akamai, Microsoft, Infosecurity, Virginia Tech
