CEO Comments On 44 Million Microsoft Users Reused Passwords In Q1 2019

By   ISBuzz Team
Writer , Information Security Buzz | Dec 06, 2019 09:58 pm PST

Microsoft’s threat research team has scanned all Microsoft user accounts and found that 44 million were using usernames and passwords that have been leaked online following security breaches at other online services.

Notify of
6 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Stuart Sharp
Stuart Sharp , VP of Solution Engineering
InfoSec Expert
December 9, 2019 10:50 am

Password reuse is a massive problem and this scan only highlights the severity of the situation. Whether knowingly or unknowingly, people are using compromised credentials to access sensitive personal and corporate data, putting organisations and individuals at risk of disastrous attacks from bad actors. Multi-Factor Authentication is no longer just security best practice, but a core necessity to corporate and personal applications alike. Wherever possible, stronger forms of Multi-Factor Authentication should be used, such as WebAuthn with on-device biometrics.

Last edited 3 years ago by Stuart Sharp
Gavin Millard
Gavin Millard , VP of intelligence
InfoSec Expert
December 9, 2019 10:48 am

Password reuse and single factor authentication is one of the largest cybersecurity issues we face today. Frustratingly no matter how easy password managers make storing and using complex passwords for online services, or the option to add a second authentication mechanism – such as an SMS code sent to a mobile device, adoption is still woefully low.

As individuals, we need to change our mindset when securing any online account, employing the same level of protection we adopt for securing our financial accounts. This means moving away from not just the reuse of passwords, but also making them stronger, particularly for accounts where we’re sharing sensitive details or personal information, and always use a second factor if available.

Last edited 3 years ago by Gavin Millard
Robert Ramsden Board
InfoSec Expert
December 9, 2019 10:47 am

In today’s cybersecurity landscape, it couldn’t be truer to say that passwords are the weakest link. We need to create several versions of them, make them hard to guess and commit them to memory. Therefore, it comes as no surprise that password reuse is so rampant.

Two-Factor authentication can help tackle the risk posed by password reuse. However, organisations and users should explore alternatives to the traditional text password, such as, persona-based authentication, which relies on a combination of ‘geographical’ and behavioural elements to determine identity or a trust score system that allows users to sign in and unlock devices through a trust score that is calculated using several behavioural factors such as location, facial recognition and typing pattern. While it\’s true passwords aren\’t going anywhere soon, there are ways that they can be strengthened to keep users and their data safe and these options should be deployed going into 2020 and beyond.

Last edited 3 years ago by Robert Ramsden Board
Eoin Keary
Eoin Keary , CEO and Cofounder
InfoSec Expert
December 9, 2019 10:45 am

Why do people reuse passwords? Because they have way too many to remember. Work passwords, utilities, banking, laptop account logins etc etc. How can an average person remember so many? Furthermore, a regular user does not use a password vault or storage solution, regardless of the recommendations.

The rub with password reuse across many services is that if one service is breached, the disclosed password is often used in credential stuffing attacks that try to access other services and websites. This type attack is becoming more and more common, and it bets on the widespread habit of users reusing their passwords.

Solutions such as multi-factor authentication help solve the password reuse issue, as they also require a one time password at time of login which changes every time.

Last edited 3 years ago by Eoin Keary
Javvad Malik
Javvad Malik , Security Awareness Advocate
InfoSec Leader
December 8, 2019 11:49 am

When we look at the sheer number of different services and apps that people use and require signing up for, it is little surprise that people reuse credentials. It\’s why it is so important to educate and raise awareness among users as to the dangers of reusing credentials and how it can lead to account takeovers. Once people understand the risks, they can then make informed decisions to better protect themselves though means such as enabling MFA where available, and using a password manager to choose stronger and unique passwords for each site they register for.

Last edited 3 years ago by Javvad Malik

Recent Posts

Would love your thoughts, please comment.x