Microsoft Is Banning Easy-to-Remember Passwords

May 27, 2016, 7:20 PM UTC
The word 'password' is pictured on a computer screen in this picture illustration taken in Berlin May 21, 2013. The Financial Times' website and Twitter feeds were hacked May 17, 2013, renewing questions about whether the popular social media service has done enough to tighten security as cyber-attacks on the news media intensify. The attack is the latest in which hackers commandeered the Twitter account of a prominent news organization to push their agenda. Twitter's 200 million users worldwide send out more than 400 million tweets a day, making it a potent distributor of news. REUTERS/Pawel Kopczynski
Photograph by Pawel Kopczynski — Reuters

You know those really simple, easy-to-remember passwords you use that help you log into apps? Well, Microsoft is banning them from some of its services.

Microsoft is banning simple and regularly used passwords across the company’s many platforms, including Office, Xbox, and Skype, among others. In a blog post this week, reported earlier by Mashable, Microsoft (MSFT) said that users will now need to use passwords with eight characters, and that it will evaluate the desired option against common passwords that are typically targeted by hackers. The service will also be available on Microsoft’s cloud-based Azure service.

“When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common—we both analyze the passwords that are being used most commonly,” Microsoft group program manager Alex Weinert said in a blog post. “Bad guys use this data to inform their attacks…What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work.”


Microsoft is determining which passwords should be banned by culling data from attacks on its own users. The company said that it continually monitors those attacks, evaluates the passwords used, and maintains a “dynamically updated banned password list.”
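A sketch of the mechanism described above, added here as an example and not Microsoft's code: a banned list is rebuilt from observed attack guesses, and a proposed password is checked against the length rule and the current list. The function names, the three-account threshold, the case folding, the reading of eight characters as a minimum, and the sample logs are all assumptions made for illustration.

```python
from collections import defaultdict

MIN_LENGTH = 8  # the article's eight-character rule, read here as a minimum

def build_banned_list(attempts, min_accounts=3):
    """Ban any password guessed against at least min_accounts distinct accounts.

    attempts: iterable of (account, guessed_password) from failed sign-ins.
    Counting accounts rather than raw attempts keeps one user's repeated
    typo off the list. The threshold and case folding are assumptions.
    """
    targets = defaultdict(set)
    for account, guess in attempts:
        targets[guess.casefold()].add(account)
    return {pw for pw, accts in targets.items() if len(accts) >= min_accounts}

def check_password(candidate, banned):
    """Return (accepted, reason) for a proposed new password."""
    if len(candidate) < MIN_LENGTH:
        return False, "shorter than %d characters" % MIN_LENGTH
    if candidate.casefold() in banned:
        return False, "on the banned list"
    return True, "ok"

# Constructed sample data, not real telemetry.
DAY_1 = [
    ("alice", "123456"), ("bob", "123456"), ("carol", "123456"),
    ("alice", "password"), ("bob", "password"), ("dave", "password"),
    ("erin", "Sumer2016!x"), ("erin", "Sumer2016!x"), ("erin", "Sumer2016!x"),
]
# The next day a new guess starts appearing across several accounts.
DAY_2 = DAY_1 + [
    ("alice", "starwars2016"), ("bob", "starwars2016"), ("carol", "starwars2016"),
]

if __name__ == "__main__":
    for label, log in (("day 1", DAY_1), ("day 2", DAY_2)):
        banned = build_banned_list(log)
        for candidate in ("qwerty", "Password", "StarWars2016", "Sumer2016!x"):
            print(label, candidate, check_password(candidate, banned))
```

The length rule alone accepts "StarWars2016"; it is rejected only once the refreshed list picks it up from the second day's attack data.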

Earlier this year, security firm SplashData, which releases its list of the worst passwords each year, found that in 2015, Internet users were rather sloppy with their passwords. In fact, the company found that “123456” was the most commonly used password on the Internet, followed by “password.” The list also included items like “starwars” and “qwerty.” The data comes from more than two million leaked passwords it recovered last year and suggests users aren’t taking password security as seriously as they should.

The threats to passwords are real. Just last week, a hacker was offering a list of 117 million usernames and passwords the person allegedly obtained from LinkedIn (LNKD). It was the latest in a string of password hacks that have prompted companies both big and small to think up new ways to safeguard accounts. Those efforts range from requiring stronger passwords to using two-factor authentication, which asks a user to both input a password and a code he or she would receive on another device.

Despite those efforts, there are no signs of hacking attempts ending anytime soon. In fact, Microsoft says that 10 million of its users’ accounts are attacked each day.


Microsoft’s attempts at keeping user data safe won’t necessarily be the panacea the company (and perhaps its users) is seeking. While Microsoft will try to compare passwords against a list to minimize the chances of regularly used credentials being used, that doesn’t mean hackers can’t find other ways to attack and steal data.

In the security world, it’s a game of cat and mouse. And Microsoft is trying to ban passwords to gain an upper hand in that game.
