Community Edition
Total Tests:
This Week:
Today:
Recent Blog Posts
Four Iranian Hackers Charged With Cyberattacks On American Firms
April 25, 2024
An Ex-Amazon Security Engineer Gets 3 Years In Jail For Hacking And Crypto Theft
April 18, 2024
Hacker Fakes His Own Death To Avoid Child Support Payments
April 11, 2024
ATM Skimming Ring Leader Sentenced To 75 Months In Prison
April 4, 2024
German Authorities Dismantle the Nemezis Market Dark Web Marketplace
March 28, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

Microsoft Finds Password Security Problem Affecting 44 Million Users

By Davey Winder for Forbes
Friday, December 6, 2019

After analyzing a database containing 3 billion leaked credentials from security breaches, the Microsoft threat research team determined more than 44 million user accounts had a serious security problem. Here's what you need to know.

Mitigating the Microsoft password reuse risk

As far as the leaked credentials that the threat research team found during this analysis are concerned, Microsoft has confirmed that consumers need to take "no additional action," as it has already forced a password reset. This will come as a great relief to those worried about their Office, OneDrive, or Xbox services. The situation is less straightforward for business users. Microsoft stated that it would "elevate the user risk and alert the administrator," for enterprise accounts, with the administrator then having to ensure a credential reset is enforced. The reused credentials statistics were not broken down into consumer and enterprise accounts, so it's not clear as to how many businesses could be impacted by this.

"As with the recent HackerOne incident, humans remain the weakest link in every organization," Ilia Kolochenko, CEO of ImmuniWeb, said, "Microsoft’s campaign to augment account security serves as a great example to other vendors."

More password security advice for Microsoft users

The Microsoft report goes on to say that it's "critical to back your password with some form of strong credential," and suggests that Multi-Factor Authentication (MFA) is a recommended mechanism to achieve this. "Our numbers show that 99.9% of identity attacks have been thwarted by turning on MFA," the report stated. Unfortunately, as Kolochenko said, while "Two (2FA) and Multi-Factor Authentication (MFA) can considerably reduce those risks, most users regard these as irritating inconveniences and would rather deactivate them whenever possible."

For the average consumer and smaller businesses, I always suggest that password managers are the baseline security measures that should be in place. Not only do these make it easy to use a secure, random and complex password for every account and site you use, but most have password auditing functionality for good measure. Google has a password checkup function that works with the Google account password manager for example and checks for reuse against a database of 4 billion leaked credentials, and Firefox has also added a compromised password warning feature. Read Full Article


Previous Media Publications:

ZDNet: HackerOne verliert vertrauliche Fehlerberichte seiner Kunden

SiliconANGLE: Bug bounty startup HackerOne suffers breach after analyst mistake

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
Your data will stay private and confidential