Microsoft has confirmed the ban on basic passwords such as "123456," "Password" and more.
Microsoft says that banning basic passwords is part of the company's efforts to crack down on stolen passwords. Banning easy and basic passwords means that hackers will no longer be able to access accounts just by guessing passwords.
In a company blog, Microsoft also cites the recent username and password leak of 117 million LinkedIn users, which resulted in the company resetting users' passwords.
Security experts suggest that users should have a strong password that attackers would find difficult to guess. Users should select a password that has a mix of lowercase and capital letters, symbols and numbers.
"The most important thing to keep in mind when selecting a password is to choose one that is unique, and therefore hard to guess. We help you do this in the Microsoft Account and Azure AD system by dynamically banning commonly used passwords," says Alex Weinert, the Group Program Manager of Azure AD Identity Protection team.
Many customers will be unhappy about Microsoft's latest step but the company's stance on strong password requirement on its users' accounts is a bid to protect the users themselves.
Microsoft is working to ban basic passwords but some companies such as Google are working to eliminate the need for passwords altogether. Dan Kaufman, the director of Google's Advanced Technology and Projects team, revealed during the 2016 Google I/O that the company is working on a technology called Trust API, which will replace passwords.
Many Android devices have a Smart Lock feature, which scans the authorized user's voice, movement, face and more to unlock devices without a password.
"On some devices, on-body detection will learn the pattern of your walk. If the accelerometer detects a walk that looks very different, it may lock your phone," says the company about Smart Lock.
Kaufman said that the Trust API password project is more advanced than Smart Lock. The technology will be running in the background, and with the help of sensors it will combine data and calculate if the device should be unlocked or not. Reports suggest that Trust API will also have the capability to differentiate how a user swipes the screen of a handset.
Google did not reveal the launch date of the technology but Kaufman suggests it may be available to Android developers toward the end of this year.
Photo: Dani Latorre | Flickr