Despite recommendations by IT professionals and requirements for "strong" passwords, people continue to compromise accounts and systems by using passwords that are easily guessed. And, as it turns out, evidence suggests that requirements for length, complexity and period expiration cause people to react in predicable ways that may actually make passwords easier to crack.
To aid in that battle against bad passwords, Microsoft recently announced that it will start dynamically banning common passwords. To determine which passwords are the most common, Microsoft's Identity Protection team analyzes data from major breaches and the 10 million accounts attacked daily to generate the dynamically updated banned password list. Using that same data, Microsoft is also implementing a smart password lockout that locks your account when someone tries to use those common passwords – think "abcd1234!," "letmein" or "welcome" – to enter your account.
So the next time you try to reset your Xbox password and get the error message "Choose a password that's harder for people to guess," it means the days of using the go-to passwords on this list are over. You'll need something stronger than "passw0rd" going forward.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.