Microsoft to delete 1 billion weak passwords

Tired of dealing with hacked accounts, Microsoft is to delete a billion insecure passwords, forcing users to pick better ones.

The company now "blocks 7,000 attacks on passwords per second… almost double from a year ago." It has also seen "adversary-in-the-middle phishing attacks increase by 146% year over year." All of which is bad news. But there's good news to come, it says: "we've never had a better solution to these pervasive attacks: passkeys."

Microsoft's Sangeeta Ranjit would in fact like everyone to switch to passkeys.

Passkeys not only offer an improved user experience by letting you sign in faster with your face, fingerprint, or PIN, but they also aren't susceptible to the same kinds of attacks as passwords. Plus, passkeys eliminate forgotten passwords and one-time codes and reduce support calls.

Weak passwords make for strong news stories, not that anyone ever pays heed to them. In Las Vegas, hackers breached MGM Resorts' systems after finding a weak employee password, disrupting hotel operations and causing financial losses. Cybercriminals targeted Colonial Pipeline, the largest fuel supplier in the U.S., by exploiting a compromised VPN password that lacked two-factor authentication. The incident led to fuel shortages across the East Coast.

A weak admin password allowed attackers to breach a school district's IT system, shutting down online classes and exposing sensitive student data. Heard of Zoombombing? It's weak passwords all the way down.
