Windows 10: Microsoft: 44 million Microsoft accounts use leaked passwords

Discus and support Microsoft: 44 million Microsoft accounts use leaked passwords in Windows 10 News to solve the problem; Microsoft ran a password-reuse analysis on over three billion company accounts in 2019 to find out how many of the used password were in use by... Discussion in 'Windows 10 News' started by GHacks, Dec 6, 2019.

  1. GHacks
    GHacks New Member

    Microsoft: 44 million Microsoft accounts use leaked passwords


    Microsoft ran a password-reuse analysis on over three billion company accounts in 2019 to find out how many of the used password were in use by Microsoft customers.

    The company collected password hash information from public sources and received additional data from law enforcement agencies, and used the data as a base for the comparison.

    An analysis of password use in 2016 revealed that about 20% of Internet users were reusing passwords, and that an additional 27% were using passwords that were "nearly identical" to other account passwords. In 2018, it was revealed that a large part of Internet users were still favoring weak passwords over secure ones.

    Microsoft: 44 million Microsoft accounts use leaked passwords microsoft-leaked-passwords.png

    Companies like Mozilla or Google introduced functionality to improve password use. Google published its Password Checkup extension in February 2019 and started to integrate it in August 2019 natively in the browser. The company launched a new Password Checkup feature for Google Accounts on its site in 2019 as well.

    Mozilla integrated Firefox Monitor into the Firefox web browser designed to check for weak passwords and monitor passwords for leaks.

    Computer users who use standalone password managers may also be able to check passwords against leak databases; I have published a tutorial on how that is done in the password manager KeePass.

    Microsoft has been pushing for password-less logins for a while now, and the company's password reuse study provides a reason why.

    According to Microsoft, 44 million Azure AD and Microsoft Services Accounts use passwords that are also found in leaked password databases. That is about 1.5% of all credentials the company checked in its study.

    Microsoft cites a study in which password use of nearly 30 million users was analyzed. The conclusion was that password reuse and modifications were common for 52% of users, and that "30% of the modified passwords and all the reused passwords can be cracked within just 10 guesses".

    Microsoft will enforce resets of passwords which were leaked. Microsoft account customers will be asked to change the account password. It is unclear how the information will be communicated to affected users or when the passwords will be reset.

    IT administrators will be contacted on the Enterprise side.


    On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced.

    Microsoft recommends that customers enable a form of multi-factor authentication to better protect their accounts against attacks and leaks. According to Microsoft, 99.9% of identity attacks are unsuccessful if multi-factor authentication is used.

    Closing Words


    It is surprising that only 1.5% of all analyzed credentials were found in leaks; the study that Microsoft linked to saw password reuse and password modifications in over 50% of all analyzed passwords.

    Now You: Do you reuse passwords? What is your take on the study?

    Thank you for being a Ghacks reader. The post Microsoft: 44 million Microsoft accounts use leaked passwords appeared first on gHacks Technology News.

    read more...
     
    GHacks, Dec 6, 2019
    #1

  2. Microsoft is building a list of most commonly used & leaked passwords


    Microsoft is building a list of most commonly used & leaked passwords
    117M leaked creds (from LinkedIn?). New best practices + #AzureAD and MSA can help

    Microsoft Password Guidance
    Download pdf: Password Guidance - Microsoft Research

    Source: https://blogs.technet.microsoft.com/...-msa-can-help/
     
    Cluster Head, Dec 6, 2019
    #2
  3. sam02 Win User
    App store and Microsoft account


    Thank you for the advice

    I see what you mean about the password but i think its a backward step to compromise my Microsoft password to to use the app store
     
    sam02, Dec 6, 2019
    #3
  4. Microsoft: 44 million Microsoft accounts use leaked passwords

    Microsoft Account Password Reset

    Thanks for the reply, but it does not help me. The website does not proceed past step 4. After entering the security code, the website does not proceed to step 5. It does not give an error message, it simply greys out the next and cancel buttons and hangs
    indefinitely.

    Reset your password

    If you can't remember your password, follow these steps to get into your account.

    • Go to the Reset your password page.
    • Choose the reason you need your password reset, then click Next.
    • Enter the email address you used when you made your Microsoft account. This could be any email address, or an email ending in a Microsoft domain like hotmail.com or outlook.com.
    • Enter the characters you see on the screen (this lets us know you’re not a robot), then click Next.
    • If you've added security info to your account, we'll send a one-time code to the alternate phone number or email address you gave us. After you enter that code on the next screen, you'll be able to make a new password.
    I'll try your "Get account help by email" suggestion and post the solution here when I've found one.
     
    Donovan de Swardt, Dec 6, 2019
    #4
Thema:

Microsoft: 44 million Microsoft accounts use leaked passwords

Loading...
  1. Microsoft: 44 million Microsoft accounts use leaked passwords - Similar Threads - Microsoft million Microsoft

  2. Incorrect Password Using a Microsoft Account

    in Windows Hello & Lockscreen
    Incorrect Password Using a Microsoft Account: I use a Microsoft account for my WIndows 10. I have confirmed that my password is correct by logging in to by Microsoft account online. However, when I wish to change my password locally, Windows still tell me that my password is incorrect. Seems like my local password is...
  3. Microsoft Account Password

    in Windows Hello & Lockscreen
    Microsoft Account Password: This is a VERY detailed version of my question, a simplified version will be below this1. I made a microsoft account using my secondary email2. I used my microsoft accounts in various places, including this device, for sign in features, etc.3. Because of some difficulties, my...
  4. Microsoft Account using local password

    in Windows 10 Customization
    Microsoft Account using local password: Hi, I recently bought a new SurfacePro to replace my older laptop and desktop. When setting up initially I was unable to connect to the internet. I had to set up with a local username and temporary I thought password. When I was able to connect I entered my Microsoft ID...
  5. Password to Microsoft account

    in AntiVirus, Firewalls and System Security
    Password to Microsoft account: After having my computer serviced, I decided to change the password to log in. I wonder if I have to change the password on email @outlook.com or on the computer. And one more question, if I change the password online in the email, will it be a new Windows password?...
  6. Unlock PC using Microsoft Account's password

    in Windows 10 Customization
    Unlock PC using Microsoft Account's password: Hi, When I purchased my laptop, the vendor created a local account without a password. However, I linked my MS account to this local account but still, it is not asking for any password to unlock. I don't want to create a local password but like to have the same MS account...
  7. Microsoft Account Password

    in AntiVirus, Firewalls and System Security
    Microsoft Account Password: I switched to use a local account om my PC, but I want to go back to the administrator account. I am asked to sign in which I can do so far and then it asks for my Windows password, (not my Microsoft account password) and I have no idea what it is. Is there a workaround, or...
  8. using local password with microsoft account

    in User Accounts and Family Safety
    using local password with microsoft account: So I have a complex password for my online Microsoft account, I never type it in, its used with a secure clipboard from a password manager. If I use a Microsoft account with windows 10 it also uses the password which is a pain to type in, is there no way to use a local...
  9. Microsoft Account Password

    in Windows 10 Support
    Microsoft Account Password: Is there a way to force an user to change their Microsoft Account password at next logon? 98260
  10. Microsoft is building a list of most commonly used & leaked passwords

    in Windows 10 News
    Microsoft is building a list of most commonly used & leaked passwords: Microsoft is building a list of most commonly used & leaked passwords 117M leaked creds (from LinkedIn?). New best practices + #AzureAD and MSA can help Howdy folks, You probably saw the news last week that a hacker was selling a list with 117M usernames and...