Microsoft says 44 million of its users reuse passwords

Microsoft has found that 44 million of its users reuse passwords after finding matches in a database containing 3 billion leaked credentials.



Tech giant Microsoft has identified 44 million users who reuse passwords by using a database of publicly leaked credentials. Microsoft’s identity threat research team checked 3 billion credentials from different breaches, obtained from multiple sources including law enforcement and public databases, and found a match for over 44 million Azure AD and Microsoft accounts. A password reset was forced upon all identified accounts.

“For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced,” Microsoft said.
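The match-then-reset process described above can be sketched as follows. This is an added example, not Microsoft's code or method. It assumes accounts are stored as per-user salted PBKDF2 hashes and that leaked records are matched by username; all names and sample data are constructed.

```python
import hashlib
import hmac
import os

# Assumption: low iteration count so the demo runs quickly; not a recommended value.
PBKDF2_ITERATIONS = 1000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier for a password with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_account(username: str, password: str) -> dict:
    """Build a hypothetical account record; the plaintext is never stored."""
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "hash": hash_password(password, salt), "must_reset": False}


def find_reused_credentials(accounts: list, leaked_pairs: list) -> list:
    """Flag accounts whose current password equals a leaked one.

    Stored hashes are salted, so they cannot be compared with a leaked
    hash list directly: each leaked plaintext is re-hashed with the
    matching account's salt and compared in constant time.
    """
    by_name = {a["username"].lower(): a for a in accounts}
    flagged = []
    for leaked_user, leaked_password in leaked_pairs:
        account = by_name.get(leaked_user.lower())
        if account is None or account["must_reset"]:
            continue  # no such user here, or already flagged
        candidate = hash_password(leaked_password, account["salt"])
        if hmac.compare_digest(candidate, account["hash"]):
            account["must_reset"] = True  # force a reset at next sign-in
            flagged.append(account["username"])
    return flagged


# Constructed sample data: local accounts and a leaked credential list.
ACCOUNTS = [make_account("alice@example.com", "Summer2019!"),
            make_account("bob@example.com", "x7#Lq9vT2m"),
            make_account("carol@example.com", "hunter2")]
LEAKED = [("alice@example.com", "Summer2019!"), ("bob@example.com", "password1"),
          ("CAROL@example.com", "hunter2"), ("dave@example.com", "letmein")]

if __name__ == "__main__":
    print(find_reused_credentials(ACCOUNTS, LEAKED))
```

Only alice and carol are flagged: bob appears in the leak with a different password, and dave has no account here.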

Microsoft strongly encourages users to enable two-factor (or multi-factor) authentication to protect accounts.

“Our numbers show that 99.9% of identity attacks have been thwarted by turning on MFA,” it added.

By turning on multi-factor authentication, users would be able to prevent someone from accessing their accounts, even if they knew the login credentials.

Why is password reuse dangerous?

Evidently, many users still have the habit of reusing passwords. And while companies can, to some extent, stop users from creating weak passwords, they cannot prevent people from reusing them, as there is no way of knowing whether the password has been used somewhere else.

While using the same password for multiple accounts may seem convenient, it can also be quite dangerous. If a service leaks account credentials, or if they are stolen, other accounts with the same password are also put at risk. Credential stuffing attacks, where stolen login credentials from one service are used to break into other accounts, are very common and are often the reason why hackers are able to take over accounts.

Passwords should never be reused for important accounts. If it’s difficult to keep track of all the different passwords, a password manager is a good option. Password managers not only store passwords in a secure way, but also help generate strong ones.