At the time of the sale of more than 100 million pirated LinkedIn passwords, Microsoft has decided to react. On the blog of Active Directory – the division in charge of the authentication process, the company says will draw the consequences of these hacks repeatedly. And the first of them directly concern its users, they go through their mail clients (Outlook) or Azure AD (solution used by companies). To protect them, Microsoft deploys new restrictions in the choice of passwords.
According to Robyn Hicock, an employee of Microsoft publishing a white paper on the subject, asking people to choose a strong password is not necessarily an optimal choice. Because these passwords are also subject to piracy for a simple reason: our choices are predictable. In other words, when a user can not select “123456″, it tends to turn to other sesame equally easy to remember ( “$ 123456 $ ” for example). Today, there is therefore a new list of the most common combinations among those considered as complex.
Given this situation, Microsoft will therefore act more pragmatically. Based on data on millions of pirated passwords, the company will banish those that are found most often, whatever their level of complexity. The list is updated dynamically, including information on new hacks.
In addition, Microsoft is improving its blocking system in case of intrusion suspicion. But the goal is that the legitimate user can still access their account. Data such as the location will be utilized to make sure. A process reminiscent of Google, which wants to establish “confidence score” by combining several criteria such as facial recognition or text input habits. But it would go far beyond Microsoft, since aims simply to remove passwords.
No comments:
Post a Comment