Microsoft is deploying a new weapon in the battle to prevent online security breaches: dynamically banned passwords.
Essentially this means Microsoft is no longer allowing users to have passwords that are common.
The new rules now apply on the Microsoft Account Service (Outlook, Xbox Live, etc.) and are being progressively rolled out to accounts using Azure Active Directory. Users who now try to create a password that is found to be too vulnerable will be presented with this screen:
Microsoft's Alex Weinert said the company made the decision to ban common passwords in response to recent high-profile database attacks.
"We see more than 10M accounts attacked daily, so we have a lot of data about which passwords are in play in those attacks. We use this data to maintain a dynamically updated banned password list."
If you're stumped trying to create a new secure password, we recommend reading our Back-to-Basics: Passwords creation guide. It offers tips on which passwords work best and how obvious passwords are cracked so easily.
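The banned-list idea described above can be sketched as follows. This is an added example, not Microsoft's implementation: the telemetry is constructed, and the function names, the 30-day window and the three-account threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample telemetry: (day number, targeted account, password tried).
# Not real data; a production system would derive this from failed sign-ins.
ATTACK_ATTEMPTS = [
    (1, "alice", "letmein"), (1, "bob", "letmein"), (2, "carol", "LetMeIn"),
    (40, "alice", "Password1"), (41, "bob", "Password1"), (41, "carol", "password1"),
    (55, "alice", "Summer2016"), (55, "bob", "summer2016"), (56, "dave", "Summer2016"),
    (57, "carol", "x9$Lq!vR2"),  # tried against one account only: not "common"
]

def normalize(password):
    """Fold case and surrounding whitespace so trivial variants match."""
    return password.strip().lower()

def build_banned_list(attempts, today, window_days=30, min_accounts=3):
    """Ban passwords tried against >= min_accounts distinct accounts
    within the last window_days (assumed policy values)."""
    accounts_by_password = defaultdict(set)
    for day, account, password in attempts:
        if 0 <= today - day <= window_days:
            accounts_by_password[normalize(password)].add(account)
    return {pw for pw, accounts in accounts_by_password.items()
            if len(accounts) >= min_accounts}

def check_new_password(candidate, banned):
    """Return (accepted, reason) for a password a user is trying to set."""
    if normalize(candidate) in banned:
        return False, "password is on the banned list; choose a less common one"
    return True, "ok"

# Rebuilding the list as "today" advances is what makes it dynamic:
# passwords enter when attackers start spraying them and age out afterwards.
BANNED = build_banned_list(ATTACK_ATTEMPTS, today=60)

if __name__ == "__main__":
    for pw in ("PASSWORD1", "summer2016", "x9$Lq!vR2", "letmein"):
        print(pw, check_new_password(pw, BANNED))
```

Counting distinct targeted accounts rather than raw attempts keeps a single heavily attacked account from banning a password that is not actually in common use.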
New ransomware spotted in the wild
In other security news, two new ransomware attacks are making the rounds, using a new tactic to spread across computers.
The ZCryptor attack (full name: Win32/ZCryptor.A) not only infects your machine but also installs itself on external and network drives. This means that if you remove a portable USB drive from the infected machine and plug it into another, that machine will also be infected.
The other threat has proven successful in attacking Australian users by posing as utilities provider AGL Energy. Acting like typical ransomware, the AGL attack encrypts the victim's PC and demands payment for it to be unlocked. More details are available at our Current email security threats page.
Suspect your organisation has been attacked? Contact the Sentrian Service Desk immediately on 1300 791 678 or email firstname.lastname@example.org.