Password leaks on the Internet have become commonplace, and tens of millions of account passwords are leaked every year in major security incidents. At the same time, many users choose simple, weak passwords. Such low-strength passwords are a time bomb for account security.
The Microsoft security team recently analyzed more than 3 billion accounts to find out whether the passwords used by Microsoft users have potential security issues. Microsoft obtained a large number of leaked databases from public sources and law enforcement agencies for comparison, and found that more than 40 million accounts used leaked passwords. A leaked password here means one that is found in other databases, which means that passwords users set on other websites may have been harvested long ago. Most users don't know that their passwords have been leaked, and if they continue to use these passwords, they are likely to be targeted by attackers.
As part of its security strategy, Microsoft is currently promoting passwordless logins. Users can quickly log in to their Microsoft account with a PIN or fingerprint reader. However, this does not improve security for users whose passwords have already leaked, so Microsoft decided to force a password reset on the affected accounts directly on the server. When the user logs in to the Microsoft account, they will be prompted to change the password. Until the password is changed, the user cannot log in and the account is unavailable. Microsoft did not disclose exactly when the forced resets will take effect, but if you see such a prompt, your password has been leaked.