Wednesday, March 3, 2021
  • More Girls are Now Joining the CyberSecurity Industry
  • Mitigating your Java code security debt
  • Intel Illustrates Its Focus on Transparency in Security with 2020 Product Security Report
  • 7 Lessons Learned From SMB Cybersecurity Leaders
  • Gender diversity in cybersecurity, the key to getting ahead of hackers?

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » Microsoft Highlights The Risk of Stolen Passwords

Microsoft Highlights The Risk of Stolen Passwords

by Enzoic on December 12, 2019

Microsoft has just announced that a staggering 44 million accounts were vulnerable to account takeover due to the use of compromised or stolen passwords. This news comes on the back of the recent Disney+ launch, where password reuse resulted in cybercriminals taking over user accounts.

There is mounting evidence that despite repeated warnings, users are still flying blind, and companies are not taking enough action to prevent the use of exposed credentials, putting users’ data at risk.

Why are compromised passwords a problem?

People’s desire for convenience drives then to use the same login details for multiple accounts. To put this in context, research from Google found that 65% of people reuse the same password for all or most of their accounts with another study finding that 62% of employees use the same password for their personal and work accounts.

A cybercriminal can simply obtain a password from a breach on one site, and then because of this password reuse, use that password to access that user’s accounts on other websites and systems. A study from Virginia Tech University found that 70% of users deployed an exposed password for different accounts up to a year after a leak. Even worse, 40% of people are reusing passwords, which were leaked over three years ago.

Companies and organizations must take action now

As cybercriminals become increasingly sophisticated, organizations must take steps to protect themselves and their users rather than hoping people will suddenly stop reusing passwords!

NIST password recommendations outline how organizations should verify that passwords are not compromised before they are activated and monitor those passwords on an ongoing basis. By checking passwords against a database of exposed or stolen passwords, organizations can significantly reduce the prevalence of compromised and stolen passwords. As the number of data breaches and compromised credentials expands continuously, checking passwords against a dynamic database rather than a static list is critical.

If a compromise is detected, it’s vital to institute an immediate, automated action. Automation allows organizations to customize the action such as a password reset to secure the account before additional damages can occur, or a prompt to the user to create a new password the next time they log in.

As we enter the next decade, companies must take action to protect themselves and ensure stolen passwords for their users aren’t putting their accounts at risk. At Enzoic, we provide a range of automated solutions that stop compromised logins or passwords from being used to activate accounts for users, customers, and employees. And, equally important, our products continuously screen to ensure that existing credentials have not been compromised.

Enzoic’s Active Directory tool would detect many of the exposed or stolen passwords in the 44 million accounts. It runs quietly in the background and only impacts users that are using bad, compromised, or stolen passwords.

It’s time for organizations to make a new year’s resolution to banish compromised credentials once and for all!

The post Microsoft Highlights The Risk of Stolen Passwords appeared first on Enzoic.


Recent Articles By Author
  • Eight Rules for Effective Password Protection
  • Password Spraying: How Common Passwords Threaten Your Organization
  • Throwing Light on the Dark Web
More from Enzoic

*** This is a Security Bloggers Network syndicated blog from Enzoic authored by Enzoic. Read the original post at: https://www.enzoic.com/microsoft-stolen-passwords/

December 12, 2019December 12, 2019 Enzoic account takeover, Active Directory, all posts, exposed passwords, password reuse, stolen passwords
  • ← Exploring The Critical Components Of DevOps
  • China Finagles World Bank To Fund Surveillance In Xinjiang →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Social Media Risks Increasing in 2021
Betting Big on Identity and Authentication
Twitter Removes Russian Disinformation Accounts
Edge Computing Growth Drives New Cybersecurity Concerns
Survey Finds Low Confidence in Medical Device Security
CPAC 2021 Open Display of Nazi Symbols
What is a Man-in-the-Middle Attack? Detection and Prevention Tips
Cyber Security Roundup for March 2021
Review: Perlroth’s book on the cyberarms market
DoD: Get Started With a CMMC Self-Assessment Now | Apptega

Upcoming Webinars

Tue 09

Zero Trust Journey – A Security Leader’s Story

March 9 @ 11:00 am - 12:00 pm
Mon 15

Don’t Get Attached to Your Attachment!

March 15 @ 9:00 am - 10:00 am
Mon 15

Managing Security in a Decentralized World

March 15 @ 1:00 pm - 2:00 pm
Wed 17

API Security: Everything You Need to Know To Protect Your APIs

March 17 @ 1:00 pm - 2:00 pm
Mon 22

The Main Application Security Technologies to Adopt in 2021

March 22 @ 1:00 pm - 2:00 pm
Wed 31

The Anatomy of an Account Takeover Attack

March 31 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

The State of Cloud Native Security 2020

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Breach Clarity Data Breach Report: Week of March 1
Cybersecurity Industry Spotlight Security Boulevard (Original) Threats & Breaches Vulnerabilities 

Breach Clarity Data Breach Report: Week of March 1

March 3, 2021 Kyle Marchini | Yesterday 0
Betting Big on Identity and Authentication
Application Security Cloud Security Cybersecurity Data Security Endpoint Identity & Access Industry Spotlight Network Security Security Boulevard (Original) 

Betting Big on Identity and Authentication

March 1, 2021 Raz Rafaeli | 2 days ago 0
XDR: Next-Level Prevention and Detection
Analytics & Intelligence Cybersecurity Endpoint Incident Response Industry Spotlight Security Boulevard (Original) 

XDR: Next-Level Prevention and Detection

February 25, 2021 Eyal Gruner | Feb 25 0

Top Stories

Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it

March 2, 2021 Richi Jennings | 1 day ago 0
‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security DevOps Featured Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It

February 26, 2021 Richi Jennings | Feb 26 0
Think Macs Don’t Get Malware? Think Again.
Analytics & Intelligence Cloud Security Cybersecurity Endpoint Featured Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Think Macs Don’t Get Malware? Think Again.

February 22, 2021 Richi Jennings | Feb 22 0

Security Humor

Matt Kelly's 'Radical Compliance - The Risk Assessment'

Matt Kelly’s ‘Radical Compliance – The Risk Assessment’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.