What is password protection?
Password protection helps protect your data from bad actors by detecting and blocking known weak passwords, and weak terms specific to your organization.
Learn more about Microsoft Security
Identity and access solutions
Help protect against cybersecurity attacks with a complete identity and access management solution.
Help your workforce stay protect and productive with a seamless identity solution.
Discover how end users can sign in with one look or tap through passwordless authentication.
Help protect your organization from malicious impersonation-based phishing attacks.
Password security helps protect your data from bad actors by detecting and blocking known weak passwords, their variants, and any additional weak terms specific to your organization.
Passwords are the first line of defense against unauthorized access to devices and online accounts. The stronger the password, the better protected your devices, files, and accounts will be.
Here are the best ways to protect your passwords:
- Create strong passwords that are longer than 12 characters, include uppercase and lower-case letters, punctuation marks, and avoid memorable paths on the keyboard or keypad.
- Avoid using the same password across multiple accounts.
- Store passwords in a safe place online, such as with a password manager, and offline.
- Use multi-authentication requiring two or more pieces of identification to gain access to an account.
- Install antivirus and antimalware software on devices to detect and alert you to suspicious activity.
Bad actors use a variety of tactics to steal passwords that include:
- Brute force attacks, a method that uses trial and error to crack passwords and login credentials to gain unauthorized access to accounts and systems.
- Credential stuffing, the automated use of stolen usernames and passwords to gain unauthorized access to online accounts.
- Dictionary attacks, which attempt to break a password by entering every word in the dictionary, using derivatives of those words with character and alphanumeric replacements, and using leaked passwords and key phrases.
- Keylogging, using a software program to track a user’s keyboard strokes, including PINs, credit card numbers, usernames and passwords.
- Malware, malicious software designed to harm or exploit computer systems and, in many cases, steal passwords.
- Password spraying, the use of a single password against many accounts to avoid account lockouts and remain undetected.
- Phishing, which tricks users into sharing their credentials with hackers impersonating legitimate institutions and vendors.
Password strength is the measure of how effective a password is against an attack. A password’s strength depends on its length, complexity, and unpredictability.
Strong passwords are the first line of defense against cyberattacks and can help lower the risk of a security breach. They typically are long and include uppercase letters, lowercase letters, numbers, and special characters. Strong passwords should not have any personal information. Some examples are: