When it comes to choosing passwords, a lot of us are very, very dumb. But Microsoft may have a solution to our stupidity: It has plans to create a dynamically updated list of moronic passwords that it won’t let you use.


In a blog post, Microsoft explains that it’s putting to use the insights it can glean from millions of leaked passwords in order to increase security. Rather than simply imposing rules about password length and complexity, it’s using publicly available information to create a list of commonly used passwords, which it simply won’t allow you to use.

The list will be continually updated based on new password leaks, so as people shift to using other dumb passwords, they’ll also be banned. Who knows, eventually we might all use strong passwords. Imagine!
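The mechanism described above, a ban list that is rebuilt as new leaks arrive, shown as an added example (this is not Microsoft's code). The frequency threshold `min_count`, the case-insensitive normalization and the sample leak data are assumptions constructed for illustration.

```python
from collections import Counter


def normalize(password):
    # Assumption: compare case-insensitively with surrounding whitespace
    # stripped. The article does not say how Microsoft normalizes input.
    return password.strip().lower()


class BannedPasswordList:
    """Ban any password seen at least min_count times across ingested leaks."""

    def __init__(self, min_count):
        self.min_count = min_count  # hypothetical threshold, not from the article
        self.counts = Counter()
        self.banned = frozenset()

    def ingest_leak(self, leaked_passwords):
        """Fold a new leak into the running counts and rebuild the ban list."""
        self.counts.update(normalize(p) for p in leaked_passwords)
        self.banned = frozenset(
            pw for pw, n in self.counts.items() if n >= self.min_count
        )

    def check(self, candidate):
        """Return (accepted, message) for a password a user wants to set."""
        if normalize(candidate) in self.banned:
            return False, "Choose a password that's harder for people to guess."
        return True, "ok"


# Constructed sample data, not real leak contents.
LEAK_1 = ["123456"] * 5 + ["password"] * 4 + ["qwerty"] * 3 + ["letmein"]
LEAK_2 = ["letmein"] * 6 + ["dragon"] * 2 + ["123456"]


def demo():
    bl = BannedPasswordList(min_count=3)
    bl.ingest_leak(LEAK_1)
    before = bl.check("LetMeIn")[0]  # seen once so far: still accepted
    bl.ingest_leak(LEAK_2)
    after = bl.check("LetMeIn")[0]   # the new leak pushes it over the threshold
    return before, after, sorted(bl.banned)


if __name__ == "__main__":
    print(demo())
```

Because the counts are cumulative, a password that becomes popular in later leaks is rejected from then on, while earlier entries stay banned.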


The company claims to have already rolled out the feature to Microsoft Account Service—that’s Outlook, Xbox, OneDrive and the like—and it will also add the feature to accounts that use its Azure AD login system. You won’t notice a lot of difference until you choose a dumb password, at which point you’ll be prompted to stop being a moron—sorry, to “choose a password that’s harder for people to guess.”

Farewell, “123456”, you were useful while you were allowed.

[Microsoft via Security Week]