A study by Microsoft discovered that over 44 million user accounts were reusing passwords that had been compromised in past breaches. The research was prompted by a previous data breach that leaked at least 3 billion Windows login credentials, which included those affected passwords.
Microsoft Security Intelligence Report 2019
Microsoft’s identity research team traced, cross-referenced and compiled the user login credentials obtained from various breaches between January and March 2019. This was done to help determine the amount of Windows accounts that could be exposed and required security updates from Microsoft. Previous research had determined that password played a significant role in facilitating data breaches.
Microsoft Azure Cloud Security
The previous data breaches affected both Microsoft Office suite and Azure customers, and the report highlighted the cloud security dangers that weak password practices exacerbate. Specifically, the study expounded the threat posed by virtual machine (VM) hijacking that could result from a lack of cybersecurity in IaaS resource provisioning.
Office 365, Phishing and Malware
Much of the rest of Microsoft Security Intelligence report focused on the other typical security concerns that have historically plagued Windows computers. Namely, the research team covered the phishing attacks and malware infections (including ransomware) that Microsoft Office applications have proven vulnerable to.
As the report itself distinguishes, no matter the rate at which the technology is upgraded, Microsoft product users are consistently susceptible to exploits which leverage human error. Phishing, ransomware and remote code executions have often been at the top of this list, exacerbated by unsecured cloud connections and complacent security practices.
When Password Security Not Enough, Use MFA
Multi-factor authentication (MFA) adds a second layer of defense to traditional network security infrastructures, one that even the Microsoft Security Intelligence report claims has a 99 percent effectiveness rate. Using MFA on top of a basic password requirements ensures that your user accounts will have an extra step before access, protecting your system against credential data leaks.
Download our guide to securing remote access to learn more about MFA with DUO and how it protects your system users against breaches, no matter where they are.