Microsoft Research Team finds Password Reuse Rampant

Microsoft Research Team finds Password Reuse Rampant

What if I told you that 1.5% of publicly leaked passwords were still being used to sign in to Microsoft accounts? It doesn’t sound like much, but it actually equates to 44 million users still using leaked passwords for their Microsoft accounts. This is what the Microsoft research team found when it performed a scan of its user and Azure AD accounts versus the three billion publicly leaked credentials for the first quarter of the year.





We asked some prominent security professionals about the proliferation of password reuse and what other options there are for people to strengthen their security measures:


Stuart Sharp, VP of solution engineering at OneLogin


“Password reuse is a massive problem and this scan only highlights the severity of the situation. Whether knowingly or unknowingly, people are using compromised credentials to access sensitive personal and corporate data, putting organisations and individuals at risk of disastrous attacks from bad actors. Multi-Factor Authentication is no longer just security best practice, but a core necessity to corporate and personal applications alike. Wherever possible, stronger forms of Multi-Factor Authentication should be used, such as WebAuthn with on-device biometrics.”


Gavin Millard, VP Intelligence at Tenable


“Password reuse and single factor authentication is one of the largest cybersecurity issues we face today. Frustratingly no matter how easy password managers make storing and using complex passwords for online services, or the option to add a second authentication mechanism – such as an SMS code sent to a mobile device, adoption is still woefully low.


“As individuals, we need to change our mindset when securing any online account, emp ..

Support the originator by clicking the read the rest link below.