The Microsoft threat research team scanned all Microsoft customer user accounts and found that 44 million users were using usernames and passwords that had previously been leaked in security breaches. Microsoft stated that it scanned over three billion leaked credentials that helped them identify users who reused the login credentials across different online accounts. When the leaked credentials were found, Microsoft forced a password reset, or contacted the correct Azure AD administrator to ensure a password reset was forced. Microsoft does warn about weak and easy-to-guess passwords and reused passwords but is unable to stop users from simply adding a single character at the end of an easily remembered password. A 2018 study found that 52% of users either reuse or perform simple modifications to their original password and 30% of those can be cracked within just 10 guesses.
Analyst Notes
The Microsoft threat research team scanned all Microsoft customer user accounts and found that 44 million users were using usernames and passwords that had previously been leaked in security breaches. Microsoft stated that it scanned over three billion leaked credentials that helped them identify users who reused the login credentials across different online accounts. When the leaked credentials were found, Microsoft forced a password reset, or contacted the correct Azure AD administrator to ensure a password reset was forced. Microsoft does warn about weak and easy-to-guess passwords and reused passwords but is unable to stop users from simply adding a single character at the end of an easily remembered password. A 2018 study found that 52% of users either reuse or perform simple modifications to their original password and 30% of those can be cracked within just 10 guesses.
