You know you shouldn’t be using passwords that are too short or too easy, but most most people do it anyway.
After all, if it’s too long and complicated you won’t remember it, right? No point in having to write it down on a Post-It and stick it under your keyboard. That kind of defeats the purpose. The answer to that logic, of course, is to use a password manager that will remember for you, and even type your password for you. One of the best is Roboform, which I’ve written about before. But that’s not the point of this article.
Up until now you have had a choice, and most people chose to use simple passwords. There are published lists of the most used passwords, such as the one above, which makes it relatively easy for disreputable people to get into your stuff.
So last week Microsoft said enough is enough, and announced that they are no longer giving you a choice. You will start using complex passwords. Users of Microsoft Office, Office 365, Xbox, Skype and Azure cloud-based applications will now need to use passwords with eight or more characters. Not just any characters though. Once you choose one, the software will evaluate it against common passwords that are typically targeted by hackers and then either let you keep it, or will ask you to choose again.
Microsoft is determining which passwords should be banned by culling data from attacks on its own users. They said that it continually monitors those attacks, evaluates the passwords used, and maintains a “dynamically updated banned password list.”
Many people would say they are going too far, and that this is intrusive. I agree that it is intrusive, but I’m very much in favor of what they are doing. Microsoft says that 10 million of its users’ accounts are attacked each day! This is a real danger, and if we won’t take it seriously, then I’m glad we are being led by the hand to protect ourselves.
So… get ready for some changes. And don’t be surprised when other software manufacturers follow suit.