Slashdot Mirror


Microsoft May Ban Your Favorite Password (securityweek.com)

wiredmikey writes from a report via SecurityWeek.Com: Microsoft is taking a step to better protect users by banning the use of weak and commonly-used passwords across its services. Microsoft has announced that it is dynamically banning common passwords from the Microsoft Account and Azure Active Directory (AD) systems. In addition to banning commonly used passwords to improve user account safety, Microsoft has implemented a feature called smart password lockout, meant to add an extra level of protection when an account is attacked. [Alex Weinert, Group Program Manager of the Azure AD Identity Protection team, explains in a blog post that] Microsoft is seeing more than 10 million accounts being attacked each day, and that this data is used to dynamically update the list of banned passwords. This list is then used to prevent people from choosing a common or similar password. Microsoft's new feature comes after last week's leak of 117 million LinkedIn credentials.

15 of 232 comments

  1. If by liqu1d · · Score: 5, Insightful

    If you ban common passwords, then you end up with a new set of common passwords. Going to ban those too?

    1. Re:If by Anonymous Coward · · Score: 5, Insightful

      lol. The MS hate is so strong on slashdot that people hate even moves that SHOULD make nerds happy.

      What's wrong with you all? We constantly talk about how weak passwords are stupid.

      Pull your head out of your zealot ass.

    2. Re:If by PhunkySchtuff · · Score: 4, Insightful

      I don't want your account with a weak password to get pwned and send me spam or phishing emails.

    3. Re:If by Anonymous Coward · · Score: 3, Insightful

      Oh come on, this isn't a bad thing. If Ubuntu refused to let you use 123456 as a root password, everyone on Slashdot would say "of course". If Microsoft does it, they're idiot fascists who don't understand anything. Slashdot is sometimes just an embarrassment.

    4. Re:If by Anonymous Coward · · Score: 1, Insightful

      Obviously Microsoft knows what's best for us, regardless of what we want.

      Maybe I *want* to use a weak password, what business is it of theirs to tell me I can't? If they want to warn me that I have a weak password, fine. But to prevent me from using it? That's just bullshit.

      Microsoft is continually tightening its grip on its customers' freedom to do what they want, so I guess this really shouldn't come as a surprise.

      You can have any password you want.
      You just can't use it with their system. You wanna know why? It's THEIR system.

      You can do any fucking thing you want to do, but you just can't do it with other people's shit if they don't want you to.

    5. Re:If by Your.Master · · Score: 4, Insightful

      Obviously Microsoft knows what's best for us, regardless of what we want.

      In this case, literally yes, they do.

      Maybe I *want* to use a weak password

      And maybe you want to jump into the swimming pool wearing full platemail armour but the lifeguard doesn't have to let you, and in fact should not let you.

      what business is it of theirs to tell me I can't?

      It's literally their business.

    6. Re:If by s.petry · · Score: 2, Insightful

      Haha, that was funneh!

      On point however, how many people don't care about how secure their passwords for Windows systems are? I have systems I could care less about, because they are either fully blocked by a FW or air-gapped. I don't trust Windows at all, so use a weak password when it fits me.

      MS - attempting to chase all remaining customers away I guess.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    7. Re:If by MobileTatsu-NJG · · Score: 3, Insightful

      Oh come on, this isn't a bad thing. If Ubuntu refused to let you use 123456 as a root password, everyone on Slashdot would say "of course". If Microsoft does it, they're idiot fascists who don't understand anything. Slashdot is sometimes just an embarrassment.

      This comment should not have been modded down. Slashdotters don't even try to pretend anymore that they don't just react as if everything MS does is wrong by default, even when they compromise their own principles in the process. Hell, just a couple of days ago people were modded up for saying MS shouldn't Open Source VB. Uh huh.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    8. Re:If by Ol Olsoc · · Score: 3, Insightful

      This only affects Microsoft Accounts and Azure AD, not local Windows accounts.

      So far.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    9. Re:If by Anonymous Coward · · Score: 2, Insightful

      Coming to a security update! Your password is no longer valid. New password must contain 15 symbols and 8 uppercase and 7 lowercase letters, where no more than 5 uppercase and 4 lowercase may be in a row, and you also may not have upper and lowercase alternate through the password.

      Or upgrade to Windows 10*.

      *:--(until the update hits windows 10 next month)

    10. Re: If by Ol Olsoc · · Score: 1, Insightful

      Typical Slashdot, this bullshit gets modded Informative.

      Yeah - shoulda been modded insightful. I hate to use why not examples, but I'll dv8 from that here.

      What would be the rationale to not implement this in all Windows systems? They already have a keylogger, they already phone home to a multiplicity of locations that they don't allow you to host out, and they already thought it was a good idea to allow anyone that you allow on your home wireless to allow anyone in their social network to wirelessly log on to your router, even though you have no idea who they are.

      It's just a simple forced update on all Windows systems, and a normal no choice update on anything running Windows 10. Using their rather invasive paradigm at this time, you'd be a fool to bet against it.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  2. LOLWUT by ArchieBunker · · Score: 4, Insightful

    This is a first. Someone on Slashdot making an argument for weak passwords.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:LOLWUT by bloodhawk · · Score: 2, Insightful

      No it is someone with an Anti-MS agenda that doesn't care his argument is idiotic, as long as it goes against what MS is doing.

  3. Re:The more password rules you make... by Zarhan · · Score: 4, Insightful

    In the end people end up writing them on post-it notes...

    I'm not so sure this is a bad thing. Post-it notes still require physical access to the post-it-note. Which is pretty hard for a random bruteforcer to access over the Internet.

  4. Great! by allo · · Score: 3, Insightful

    "Your password is weak, because 3 Million Users are already using it"

    Cool, I found a common one! Let's try to use it on billgates@hotmail.com! Gotcha!

    A whole new way to update your wordlists.