Given the number of accounts included in this recent action, it’s highly likely you were one of the 44 million people with a Microsoft account that were recently subject to a forced password reset. Sadly, the number of accounts affected is no longer considered unusual – it doesn’t even crack the top ten in terms of size according to the website Have I Been Pwned – but what is interesting is how Microsoft determined which accounts needed to have their passwords reset. In this particular case, the 44 million affected weren’t exposed in a new security breach, but were using passwords that were known to be compromised.
Is Microsoft psychic?
Though it may seem like magic, Microsoft’s prescience actually comes from utilizing really large databases. In this case, their own massive internal database of passwords was matched against over three billion known compromised passwords and 44 million Microsoft users were identified as currently using a password found on that list. Microsoft’s proactive action undoubtedly saved a lot of people and businesses quite a bit of time and money, but given how frequently breaches are exposing millions of passwords with each passing week, how practical is it for anyone to run this sort of back-end search, if one even had the technology to do so?
Fortunately for you, there are password managers that will check your passwords in a similar manner to the method utilized by Microsoft above. You shouldn’t need another good reason to use a password manager – not a day goes by where I don’t commiserate with a client on their password woes – but the fact that both LastPass.com and 1Password.com will proactively check your passwords against known compromised databases should be a really dang good reason to start using one of them now.
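
One way such a check can run without the password itself ever being handed to the lookup service is the k-anonymity range query used by Have I Been Pwned's Pwned Passwords, simulated offline here. This is an added example, not Microsoft's, LastPass's or 1Password's code; the corpus, counts, account names and function names are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a breached-password corpus: password -> times seen.
# Real corpora hold billions of entries; these counts are made up.
BREACHED = {"password": 9000, "123456": 37000, "qwerty": 10000, "letmein": 500}

def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form the range lookup is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_index(corpus: dict) -> dict:
    """Bucket breached hashes by first 5 hex chars: prefix -> {suffix: count}."""
    index = defaultdict(dict)
    for password, count in corpus.items():
        digest = sha1_hex(password)
        index[digest[:5]][digest[5:]] = count
    return dict(index)

def range_query(index: dict, prefix: str) -> dict:
    """Lookup side: sees only a 5-char prefix and returns the whole bucket."""
    return dict(index.get(prefix, {}))

def breach_count(index: dict, password: str) -> int:
    """Checking side: sends the prefix, compares the 35-char suffix locally."""
    digest = sha1_hex(password)
    return range_query(index, digest[:5]).get(digest[5:], 0)

def accounts_to_reset(index: dict, submitted: dict) -> list:
    """Flag accounts whose password, as submitted at sign-in, is in the corpus."""
    return sorted(u for u, pw in submitted.items() if breach_count(index, pw) > 0)

INDEX = build_index(BREACHED)
# Constructed sign-in submissions (hypothetical account names).
SUBMITTED = {"alice": "letmein", "bob": "violet-Tractor-91-harbor", "carol": "123456"}

if __name__ == "__main__":
    print(accounts_to_reset(INDEX, SUBMITTED))
```

Because only the five-character prefix leaves the checking side, the lookup service learns a bucket of candidate hashes rather than which password was tested.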