Microsoft between 2019 to over 3 billion company account conducted a password reuse analysis to find out the password Microsoft customers are using how much. The company collects the password hashes from public sources of information, and other data received from law enforcement agencies, and the data used as a basis for comparison.
Data show that in 2016 an analysis of password usage shows that about 20% of Internet users are reusing passwords, while 27% of users use passwords and other account password "almost identical." In 2018, it is still a large part of Internet users still prefer weak passwords rather than the security password.
In fact, like Mozilla or companies like Google have been introduced to improve the password feature. Google in February 2019 released its password checking the extension, and in August 2019 began to be integrated into the local browser. The company also launched in 2019 a new password checking for Google accounts on its website.
The Mozilla Firefox Monitor will be integrated into the Firefox Web browser, the Web browser designed to check and monitor weak passwords password leaks. In addition, the use of separate user password manager computer database may be password The leak inspection.
It is understood that no password on the promotion, Microsoft has been implemented aspects for some time.
According to Microsoft's statement, 44 million Azure AD and Microsoft Services account with a password in the password database leak can also be found. This is about 1.5 percent of the company examined in the study all the documents.
Microsoft cited a study that analyzed nearly 30 million user's password usage. It concluded that password reuse and modify common in 52% of the users, and "modified passwords and all reusable passwords can be cracked in 30% in the 10's guess."
Therefore, Microsoft will be forced to reset the password leak. Microsoft account customers will be asked to change the account password, but it is not clear how the information will be communicated to affected users or when to reset the password.
On the corporate front, Microsoft will increase the risk of the user and alert administrators to be able to enforce credential reset.
Microsoft recommends that customers enable a form of multi-factor authentication, to better protect your account against attacks and leaks. According to Microsoft's statement, if you are using multi-factor authentication, identity 99.9% of attacks will not succeed.
Reference News: https://www.ghacks.net/2019/12/06/microsoft-44-million-microsoft-accounts-use-leaked-passwords/