Millions of Microsoft users are reusing passwords
44 million Microsoft users are guilty of credential reuse
After a scan of all of the company's user accounts conducted between January and March of this year, the Microsoft threat research team discovered that 44m users are reusing usernames and passwords that were leaked online following security breaches at other online services, despite the widespread availability of password managers.
The software giant explained that it scanned user accounts by using a database of more than three billion leaked credentials that it obtained from multiple sources including law enforcement and public databases.
By conducting the scan, Microsoft was able to identify users who had reused the same usernames and passwords across multiple online services. The company explained what it did after it discovered that users had reused usernames and passwords, saying:
- Breaking the credential reuse cycle
- Avira honeypot discovers the most insecure password combination
- Major rise in password-stealing malware detected
"For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced."
Credential reuse
Microsoft and other tech giants typically warn users against using weak or simple passwords when creating an account but unfortunately these warnings do not apply when a someone reuses credentials from another service.
While Microsoft checks to make sure that its users are utilizing complex passwords, there is no way for the company to know if a user has reused that password for other services.
After a third-party service suffers a security breach that results in user credentials being leaked online, this also puts a user's Microsoft account at risk even if they have employed a strong password.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To prevent hackers and other malicious actors from taking over your accounts after a data breach, it is highly recommended that you use a unique password for each online service you use.
- We've also highlighted the best antivirus software
Via ZDNet
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.