the LinkedIn debacle, Microsoft says it will stop users
from choosing easily guessable passwords in a bid to prevent a repeat of the former’s
recently resurfaced fiasco.
Microsoft’s Alex Simons said that
his firm will try to avoid the same thing happening to it by preventing users
from making lazy choices in passwords.
Following last week’s leak of 117
Million LinkedIn customer email credentials, Microsoft has detailed how it’s
using the leaked list and others like it to prevent Microsoft Account users
from picking passwords that appear frequently in stolen data.
Microsoft will soon launch a new
Azure Active Directory (AD) feature that will let admins stop users from
picking easily-guessed passwords. Microsoft will roll out the feature to over
10 million Azure AD tenants in coming months.
IT admins will have the ability to
lock down corporate email accounts automatically if the username and password
for those accounts match credentials in a newly-leaked list.
Microsoft runs the list of
compromised credentials through a system that compares hashes of the passwords with
those stored with live accounts. If it identifies an at-risk account, Microsoft
locks it and prompts the user to verify their identity and reset their
password. This capability will be available with Azure AD users.
Andrew Tang, service director of
security at MTI said that there is very little risk with the initiative.
“We are trusting Microsoft to store
and secure that password, as it will need to be check every time it’s used.
Like all other systems, it’s just an algorithm to check how the password