Thursday, July 14, 2011
(I) Microsoft to block common passwords for HotMail users
Hard to believe that Micro$oft, of all people, is taking the lead in such an obvious area as passwords. With all the password breaches, Micro$oft feels it is time to block many of the more stoopid passwords that people use.
List of Top 500 worst passwords
For years we have been whitelisting (allowing) and blacklisting (blocking) websites with web proxies in the corporate world, so it is an obvious step to implement a blacklist for known bad passwords as well. Frankly, EVERY Internet-facing website should implement this feature, not just to protect your users but to improve customer service. How is that, you say? Well, if you are suffering from a brute force attack, you end up with a DoS situation that locks out thousands of your users: you know they use crappy passwords, so locking out their accounts to keep them from being breached is the best option. Sucks, but it is the best option. Unless you want to force two-factor authentication on your users, forcing them to use stronger passwords, so that you can ignore typical web-based brute force attacks, is the best low-cost solution you can implement.
Many web and email proxies and web filtering solutions like OpenDNS and Norton Online Family use blacklist providers to block users from going to well known bad sites and email senders.
This is an easy solution to implement, and I would hope Micro$oft would use their reason (too many p0wned accounts, aka too many customer support calls and emails) to implement common password blocking as a service that we all can use and access, just like URL blacklists.
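One way to run such a blacklist check when a user sets a password, as an added example (not code from Microsoft or from this post). The six-entry list, the character-swap table and the function names are constructed for illustration; a real deployment would load a full common-password list instead.

```python
import unicodedata

# Constructed sample list; a real site would load a full common-password
# file (one entry per line) at startup.
SAMPLE_BLOCKLIST = ["123456", "password", "qwerty", "letmein", "monkey", "dragon"]

# Constructed table of character swaps people use to dress up a weak password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Trailing characters users append to satisfy "add a digit/symbol" rules.
SUFFIX_CHARS = "0123456789!@#$%^&*.?"


def normalize(pw):
    """Fold case and Unicode compatibility forms: 'PassWord' -> 'password'."""
    return unicodedata.normalize("NFKC", pw).casefold().strip()


def load_blocklist(entries):
    """Build a set of normalized entries, skipping blank lines."""
    return frozenset(normalize(e) for e in entries if e.strip())


def variants(pw):
    """Yield the normalized password and de-obfuscated forms of it."""
    base = normalize(pw)
    stripped = base.rstrip(SUFFIX_CHARS)   # password123! -> password
    yield base
    yield base.translate(LEET)             # p@ssw0rd -> password
    yield stripped
    yield stripped.translate(LEET)         # m0nkey!! -> monkey


def blocked_match(pw, blocklist):
    """Return the blocklist entry the password reduces to, or None."""
    for candidate in variants(pw):
        if candidate and candidate in blocklist:
            return candidate
    return None


if __name__ == "__main__":
    blocklist = load_blocklist(SAMPLE_BLOCKLIST)
    for attempt in ["password", "P@ssw0rd", "Letmein2011", "M0nkey!!",
                    "correct horse battery staple"]:
        hit = blocked_match(attempt, blocklist)
        print(f"{attempt!r}: {'REJECT (matches ' + hit + ')' if hit else 'accept'}")
```

Checking the de-obfuscated variants as well as the exact string matters because users who are refused `password` tend to retry with `P@ssw0rd` or `Password123!`, which are among the first guesses in a brute force run.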
Your ability to create ridiculous and easy passwords is coming to an end... Start considering using solutions like SuperGenPass, LastPass, PasswordSafe, RoboForm and other password managers to avoid this issue in the future.
Come on FaceBook, Twitter, Gawker, Sony... The list is endless.. Get a clue from... I can't believe I am going to say this... Microsoft and implement common stoopid password blocking!!!
Article on MS HotMail common password blocking