I usually ask my students whether they are reusing passwords for their accounts on different platforms. And most of them say they are using the same password because it’s difficult to remember more than 2-3 passwords. But I always recommend acting like me. I have a secret file where I keep all my passwords. So if someone hacks one of my accounts, there is no possibility to access other accounts as well. But where do I keep all those passwords? Well, they are in one file. And hope no one can find it ever.
Microsoft conducted a security threat assessment of its services and users between January and March this year. Today, the Redmond-based company announced the results of this survey, and they are shocking. According to the Microsoft Threat Research Group, millions of users are reusing their passwords on Microsoft services.
As part of the threat assessment, Microsoft checked 3 billion credentials, of which 44 million Microsoft services were matched with Azure AD accounts. This indicates that the aforementioned accounts are reusing passwords. Microsoft also points out that many of the 3 billion credentials were leaked online and that the company forced password resets to ensure that accounts were not hacked.
Microsoft also states that 30% of reused or modified passwords can be cracked in just 10 guesses. This triggered a violation replay attack. In it, the attacker gained access to a set of credentials and also used similar credentials to break into other accounts.
Microsoft urges users to improve their password security and use F2A because 99% of attacks can be prevented by using ‘multi-factor authentication’. In addition, Microsoft always recommends using unique passwords where possible. Moreover, it recommends even using unique usernames. This will make it difficult for attackers to guess and gain access.