As long as we use alphanumeric passwords, people will always try to safeguard personal data with codes like "123456" or "password."
But Microsoft is taking a stance against stupid passcodes by banning those it deems weak.
Gathering data from 10 million-plus daily account attacks, Redmond maintains a regularly updated list of taboo passwords—"dynamically banned" codes that the company prevents customers from using. In place of the usual sliding scale of "weak" to "strong," a new program forces users to "choose a password that's harder for people to guess."
"The most important thing to keep in mind when selecting a password is to choose one that is unique, and therefore hard to guess," Alex Weinert, group program manager of the Azure AD Identity Protection team, wrote in a blog post.
That means avoid terms like "qwerty," "welcome," "login," "football," "baseball," and "monkey." Unless you're not particularly attached to banking, medical, and other intimate personal details.
Redmond is already banning these passwords on Microsoft Accounts; the ban is in preview in Azure Active Directory (AD) and will roll out to all 10 million Azure AD users over the coming months.
The company's smart password lockout system, which locks people out after too many incorrect password guesses, will remain in place.