Skip to main content

Microsoft Azure Tool Aims to Reduce Weak Passwords in Companies

N

Nyakundi Report

Newsroom 2 min read

This archive report was first published on 28 October 2021.

Published on October 28, 2021, Microsoft has released a public preview of the new Azure Active Directory tool, Azure AD Password Protection, aimed at helping network administrators eliminate weak passwords in companies.

Azure Active Directory (Azure AD) is Microsoft's cloud access and identity management service, primarily used by companies to implement single sign-on and multi-factor authentication on their systems, thereby increasing corporate protection.

The new tool prevents users from registering the 500 most commonly used passwords in the world and over a million of their variations. This means that passwords like 'password' and 's3nh4' will not be accepted on systems where Azure AD Password Protection is enabled.

Network administrators can also use the tool to prevent registration of certain combinations as passwords, thus preventing employees from using personal commemorative dates as credentials.

Microsoft claims that banning certain passwords on systems is a more effective method of protection than complex rules for creating credentials, as most users create passwords based on interests and number combinations.

The company also claims that the tool will drastically reduce the risk of hacking, as most criminals try to break into corporate accounts using simple, weak passwords, hoping that some user has not thought about protection.

However, the tool is only available to enterprise Azure Active Directory subscribers on Premium 1 subscription.

Increasing Password Security

Microsoft recently warned that the criminal group Nobelium, responsible for the SolarWinds virtual hijacking (ransomware) attack, are using password-stealing tactics, including phishing, token theft, or brute force hacking, to break into companies and gain access to systems.

While the Azure AD Password Protection tool aims to increase password security for corporate users, other scams, particularly social engineering ones, can still compromise credentials. It is essential that corporations train their employees and explain the security risks present on the internet.

Be the first to react

Support

Support this reporting

M-Pesa support recorded against this story.

Send support →

Stay close

Get the briefing

Major updates by email. No spam.

Get email brief →

Share

Save share card

Download a clean portrait card for sharing.

Save image →