In response to a hacker releasing 117 million usernames and passwords reportedly leaked from LinkedIn in 2012, Microsoft is changing the way it thinks about passwords. Or, rather, how they let us think about passwords.
Most digital accounts set password requirements, demanding certain length, special characters or capitalisation for validity. But, according to research done by one of Microsoft’s program managers, humans tend to respond to these requirements in predictable ways, actually making them more easy to crack.
To counter this, Microsoft is taking advantage of the millions of leaked passwords to identify the most common ones and ban their use for future users.
With every new password leak, the list will update to ban other terrible passwords that emerge.
The feature is already integrated into Microsoft Account Service, including Outlook, Xbox and OneDrive.
Unless an individual selects a terrible password, setting up a new account will remain the same. But if they do, the individual will then be asked to “choose a password that’s harder for people to guess.”