It’s no secret that human beings, for all of our intelligence and ambition, can be jaw-droppingly dumb. That includes using idiotic passwords, even though we know it’s a bad idea. It’s why credit-card companies are turning selfies into passwords, and why Microsoft is now blacklisting the dumbest of dumb passwords.
It’s a smart idea. Many breaches occur not because hackers are crafty computer ninjas, but because we’re dimwits who use common passwords. Hackers often just go down the list, trying each account against a list of passwords millions of people use until they get a hit. So Microsoft is creating what they’re calling a “dynamic ban list.” As passwords are leaked online, they will look at that data, assemble a list of the most commonly used passwords, and then ban them.
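A sketch of how a ban list like this can be built and kept current, as an added example that is not Microsoft's code. The `min_count` cutoff, the case-folding in `normalize` and the sample dumps are assumptions made for illustration; the article does not say how Microsoft ranks or sizes its list.

```python
from collections import Counter


def normalize(password):
    # Assumption: case variants and stray whitespace count as the same password.
    return password.strip().lower()


class DynamicBanList:
    """Running frequency count over leaked passwords; common ones get banned."""

    def __init__(self, min_count):
        self.min_count = min_count  # hypothetical cutoff for "commonly used"
        self.counts = Counter()

    def ingest_leak(self, passwords):
        # Fold a newly leaked dump into the totals; blank entries are skipped.
        self.counts.update(normalize(p) for p in passwords if p.strip())

    def banned(self):
        return {pw for pw, n in self.counts.items() if n >= self.min_count}

    def is_allowed(self, candidate):
        # Counter returns 0 for passwords never seen in any dump.
        return self.counts[normalize(candidate)] < self.min_count


# Constructed sample dumps, not real leak data.
LEAK_A = ["123456", "password", "123456", "qwerty", "Password",
          "qwerty ", "123456", "guest", "tr0ub4dor&3", ""]
LEAK_B = ["guest", "GUEST", "guest", "123456", "letmein"]


def demo():
    bans = DynamicBanList(min_count=2)
    bans.ingest_leak(LEAK_A)
    before = bans.is_allowed("guest")   # seen once so far: still accepted
    bans.ingest_leak(LEAK_B)
    after = bans.is_allowed("Guest ")   # now common across dumps: rejected
    return before, after, sorted(bans.banned())


if __name__ == "__main__":
    print(demo())
```

The check belongs at password set or change time, where the plaintext candidate is available to compare against the list.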
While there is an obvious flaw here, namely that hackers now know what passwords won’t work on a Windows machine, the trade-off is worth it. Weak passwords cost us millions of dollars every year and expose networks to more dangerous security breaches. People tend to reuse a handful of passwords, so if a government employee uses “guest” as their LinkedIn password, odds are pretty good that you can get into their work computer with that. Hopefully they weren’t sitting on any nuclear secrets!
Yes, we know, secure passwords are annoying. But you need them for a reason, and if people still insist on being dumb, then at least Microsoft can help mitigate the damage. That said, we’re looking forward to the inevitable smug claim that somebody’s dumb password still works, only for hackers to put that statement to the test.
(Via Digital Trends)