After the LinkedIn debacle, Microsoft says it will stop users from choosing easily guessable passwords, in a bid to avoid a repeat of LinkedIn's recently resurfaced fiasco.
Microsoft’s Alex Simons said that his firm will try to avoid the same thing happening to it by preventing users from making lazy choices in passwords.
Following last week's leak of 117 million LinkedIn customer email credentials, Microsoft has detailed how it is using the leaked list, and others like it, to prevent Microsoft Account users from picking passwords that appear frequently in stolen data.
Microsoft will soon launch a new Azure Active Directory (AD) feature that will let admins stop users from picking easily-guessed passwords. Microsoft will roll out the feature to over 10 million Azure AD tenants in coming months.
IT admins will have the ability to lock down corporate email accounts automatically if the username and password for those accounts match credentials in a newly-leaked list.
Microsoft runs the list of compromised credentials through a system that compares hashes of the passwords with those stored with live accounts. If it identifies an at-risk account, Microsoft locks it and prompts the user to verify their identity and reset their password. This capability will be available with Azure AD users.
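The two layers described above, a banned-password check at password-selection time and a scan of leaked credentials against live accounts, as an added illustration that is not Microsoft's implementation. It assumes a directory that stores per-user salted PBKDF2 hashes, so a leaked plaintext has to be re-hashed with each account's own salt before comparison; the breach list and the accounts are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample breach dump: (username, plaintext password) pairs. Not real data.
LEAKED_CREDENTIALS = [
    ("alice@example.com", "linkedin2012"),
    ("bob@example.com", "Password1"),
    ("carol@example.com", "correcthorsebatterystaple"),
]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the directory's stored hash format."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "locked": False}


# Constructed live accounts (hypothetical directory).
ACCOUNTS = {
    "alice@example.com": make_account("linkedin2012"),      # still uses the leaked password
    "bob@example.com": make_account("Tr0ub4dor&3-unique"),  # changed password since the leak
    "dave@example.com": make_account("Password1"),          # leaked value, but under another name
}


def find_at_risk(accounts: dict, leaked: list) -> list:
    """Lock every account whose username AND current password match a leaked pair.

    Stored hashes are salted, so the leaked plaintext is hashed with the account's
    salt and compared in constant time; comparing two dumps' hashes directly would not work.
    """
    at_risk = []
    for user, leaked_pw in leaked:
        acct = accounts.get(user)
        if acct is None:
            continue
        if hmac.compare_digest(hash_password(leaked_pw, acct["salt"]), acct["hash"]):
            acct["locked"] = True
            at_risk.append(user)
    return sorted(at_risk)


# Banned-password set built from the dump, normalised so case variants are caught too.
BANNED_PASSWORDS = {pw.lower() for _, pw in LEAKED_CREDENTIALS}


def password_is_banned(candidate: str) -> bool:
    """Reject a chosen password if it appears in the leaked set (case-insensitively)."""
    return candidate.lower() in BANNED_PASSWORDS
```

Dave's account is not locked because the dump pairs "Password1" with a different username, but the banned-password check would have refused that value at selection time; the two controls cover different gaps.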
Andrew Tang, service director of security at MTI, said that there is very little risk with the initiative.
“We are trusting Microsoft to store and secure that password, as it will need to be checked every time it's used. Like all other systems, it's just an algorithm to check how the password is structured.”