A new policy from Microsoft highlights a critical cyber security vulnerability: weak passwords.
Microsoft announced earlier this year that it will no longer allow users to rely on weak passwords. If you’re logging in with your Microsoft Account or Azure AD credentials, your password will need to meet higher security standards.
Are your passwords weak?
Whether or not you use Microsoft’s services, it’s important that you assess the strength of your passwords for any account.
A weak password can take on a variety of forms, including the following:
- It’s a string of consecutive letters or numbers (e.g. “abcdef” or “1234”)
- It’s a common word or phrase (e.g. “qwerty,” “admin,” “computer”)
- It relies on personal information that other people can easily find out about you, such as a combination of your last name and the year of your birth.
- It’s too short.
- It’s too simple, using all numbers or all lowercase letters instead of a mix of uppercase and lowercase letters, numbers, and special characters such as the pound sign and punctuation.
A password can also be weak if it closely resembles previous passwords you’ve used for the same account or passwords you use for other accounts. If a cyber criminal gets hold of your login credentials for one account, they can try to use them, or close variations of them, on different accounts. This increases the chances that they’ll gain access to something.
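The criteria above can be checked mechanically, for example when a user picks a new password. The following Python check is an added example, not part of the original article; the minimum length, similarity cutoff, character-class threshold, word list and function names are assumptions chosen for illustration.

```python
import difflib
import string

# Assumed values, not from the article: minimum length, similarity cutoff, class
# threshold, and a tiny constructed word list (real checks use a large blocklist).
MIN_LENGTH = 12
SIMILARITY_CUTOFF = 0.8
COMMON_WORDS = {"qwerty", "admin", "computer", "password"}
SEQUENCES = (string.ascii_lowercase, string.digits, "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known sequence, forward or reversed."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def char_classes(pw):
    """Count how many of the four character classes appear in pw."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)


def weaknesses(pw, personal=(), previous=()):
    """Return the list of weak-password criteria that pw matches (empty list = none found).

    `personal` holds facts such as last name or birth year; `previous` holds
    earlier passwords the user supplies at change time.
    """
    low, found = pw.lower(), []
    if len(pw) < MIN_LENGTH:
        found.append("too short")
    if has_sequence(pw):
        found.append("consecutive sequence")
    if any(w in low for w in COMMON_WORDS):
        found.append("common word")
    if any(p and p.lower() in low for p in personal):
        found.append("personal information")
    if char_classes(pw) < 3:
        found.append("too simple")
    if any(difflib.SequenceMatcher(None, low, old.lower()).ratio() >= SIMILARITY_CUTOFF
           for old in previous):
        found.append("resembles previous password")
    return found
```

An empty result means only that none of these specific patterns matched, not that the password is strong.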
How to improve your password habits
You don’t have to wait for Microsoft or any other company to give you the push to improve your password choices and habits. Here are several ways you can better protect yourself against cyber security breaches:
- If you’re updating your password on an account, don’t simply replace a single character with a new one. Make it significantly different. Even if cyber criminals obtain the previous password, they’ll be less likely to successfully guess the new one.
- Don’t use the same password across a variety of accounts.
- Don’t share your passwords with other people by email or write them down in locations where they can easily be seen or stolen. You should almost never share your passwords with other people, with few exceptions, such as when you and other employees all share the same account for a particular software program. Always remain wary about requests for your login credentials. For example, if your bank sends you an email about an issue with one of your accounts, they typically wouldn’t ask you to reply with your login information. (If you receive an email that does make this request, be on your guard immediately. This is likely an attempt at phishing, a kind of cyber attack.)
- Keep track of all of your accounts and how you signed up for each one (for instance, by email or through another program such as Facebook). To stay organized, you can use a password manager, which can also help you generate strong, complex passwords for different sites. Never store a list of your passwords in an unprotected file on your computing device.
- Don’t rely only on strong passwords for protection. Whenever possible, enable two-factor authentication. With two-factor authentication, you log on to accounts by entering both your password and a special code sent to you via text, for example. Even if an unauthorized person discovers your password, they would also need access to your phone for the special code to get into your account.
Stay Strong
Strong password habits can significantly improve your chances of preventing or repelling a cyber attack. If cyber criminals discover your login credentials and use them to successfully access your accounts, they can obtain sensitive information and use your accounts to launch attacks on other people. Always take care with your passwords.
If you have questions or concerns about how passwords are managed in your organization, get in touch with us. We can help you establish policies and procedures that are easy for all employees to follow and keep your data secure.