The identity threat researchers from Microsoft revealed that a massive 44 million Microsoft Services Accounts and Azures AD accounts are vulnerable to account hijacking. Microsoft users are still using the compromised passwords that already led to past data breaches. Even after suggesting, the businesses failed to adopt proper credential to secure their accounts.
As per the Q1-2019 Microsoft Security Intelligence Report, the security team checked billions of accounts for their account security and found that 44 million such accounts breaches against the Microsoft security protocol.
Security Breaches and Stringent Password Rules
Data breaches are becoming a significant concern among many businesses and individuals. Unsurprisingly the Microsoft security report on password protection showed “reused passwords” as the most prominent identity-based threat.
To solve this problem of weak or reused password, many organizations have set up password protection rules to prevent user accounts from hacking. Stringent password rules include choosing longer and random passwords. To help Microsoft Azure AD users, Microsoft has provided a password protection guidelines as well.
On the security breaches the Microsoft Security Intelligence Report reads, “For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced,”
Why do people reuse password? How to stop this?
According to Eoin Keary, the CEO and co-founder of Edgescan people reused passwords as they have many to remember. There are N numbers of passwords such as personal accounts, bank accounts, work emails, laptop credentials among others. Eoin says a regular user never uses a vault or storage and prefer to use the same password at all accounts.
As per the report, our numbers show that 99.9% of identity attacks have been thwarted by turning on MFA. To resolve this issue of identity threat as an individual, we need to change our view when choosing the password. We need to be protected with our work accounts as we do with our bank accounts.
This is how you can save yourself and your company from data hijacking. If you have any further questions about it, let us know in the comments section below.