Trace Id is missing
Skip to main content
Microsoft Security

What is password protection?

Password protection helps protect your data from bad actors by detecting and blocking known weak passwords, and weak terms specific to your organization.

Learn more

Password protection defined

Password protection is an access control technique that helps keep important data safe from hackers by ensuring it can only be accessed with the right credentials.

Password protection is one of the most common data security tools available to users—but they are easily bypassed if not created with hackers in mind. Organizations can facilitate better password management by implementing a password protection solution designed to block weak passwords, repetitive variants, and any terms that might be easy to guess.

Why is password protection important?

Passwords are the first line of defense against unauthorized access of online accounts, devices, and files. Strong passwords help protect data from bad actors and malicious software. The stronger the password, the more protected the information will be. Using weak passwords is much like leaving the door open to your car or house—it’s just not safe.

Consequences of weak passwords

When the average person has more than 150 online accounts, password fatigue is a reality. It’s tempting to use simple passwords or the same password for several accounts instead of creating unique passwords for each account. Password complacency, however, can lead to devastating consequences for individual users and businesses.

For individuals, the loss of valuable personal, financial, and medical information can have long-lasting financial and reputational repercussions. Victims may find themselves unable to buy a car, rent an apartment, or secure a mortgage; they can even be denied critical medical services. For many, it can cost time and money to restore their good name and get their lives back on track.

When cybercriminals gain unauthorized access to an organization’s data, the consequences can be severe. Businesses can experience a significant loss of revenue, intellectual property, and disruption to operations, as well as incur regulatory fines and sustain reputational damage.

Hackers are becoming increasingly sophisticated in the way they steal passwords.

How do passwords get hacked?

Bad actors use a variety of tactics to steal passwords, including:

  • Brute force attacks, a method that uses trial and error to crack passwords and login credentials to gain unauthorized access to accounts and systems.
  • Credential stuffing, the automated use of stolen usernames and passwords to gain unauthorized access to online accounts.
  • Dictionary attacks, which try to break a password by entering every word in the dictionary, using derivatives of those words with character and alphanumeric replacements, and using leaked passwords and key phrases.
  • Keylogging, the use of a software program to track a user’s keyboard strokes to steal PINs, credit card numbers, usernames, passwords, and more.
  • Malware, malicious software designed to harm or exploit computer systems and, in many cases, steal passwords.
  • Password spraying, the use of a single password against many accounts to avoid account lockouts and remain undetected.
  • Phishing, which tricks users into sharing their credentials with hackers impersonating legitimate institutions and vendors.

The best way to protect against password hackers is to:

  • Use strong passwords on all devices and accounts.
  • Be skeptical about links and attachments.
  • Shield paperwork, device screens, and keypads from view to keep criminals from stealing passwords by looking over a target’s shoulder.
  • Avoid accessing personal and financial data with public WiFi.
  • Install antivirus and antimalware software on all devices.

How to create a strong password

Strong passwords can help defend against cyberattacks and lower the risk of a security breach. They typically are long—at least 12 characters—and include uppercase letters, lowercase letters, numbers, and special characters. Strong passwords should not have any personal information.

Follow these guidelines to create strong passwords:

  • Use at least eight to 12 characters.
  • Use a combination of letters, numbers, and symbols.
  • Use at least one uppercase letter.
  • Use a different password for each of your accounts.
  • Use uncommon, unusual words. Draw from song lyrics, quotes, or popular phrases to make the password more memorable. For example, using the first two letters of each word in the sentence, “Veritable Quandary was my favorite Portland restaurant,” could yield the password: VeQuwamyfaPore97!.

Some examples of strong passwords are:

  • Cook-Shark-33-Syrup-Elf.
  • Tbontbtitq31!.
  • Seat_Cloud_17_Blimey.

Weak passwords often contain personal information or follow keyboard patterns. Some examples of weak passwords are:

  • 1234567.
  • 1111111.
  • Qwerty.
  • Qwerty123.
  • Password.
  • Password1.
  • 1q2w3e.
  • Abc123.

Password protection solutions

Password protection is critical to securing data and protecting against identity compromise and data breaches. Individuals can help keep out hackers by using strong passwords on their online accounts, devices, and files. Organizations can protect access to valuable resources and data with services like Microsoft’s identity access and passwordless protection solutions.

Learn more about Microsoft Security

Identity and access solutions

Help protect against cybersecurity attacks with a complete identity and access management solution.

Learn more

Identity compromise

Help your workforce stay protect and productive with a seamless identity solution.

Learn more

Passwordless protection

Discover how end users can sign in with one look or tap through passwordless authentication.

Learn more

Phishing

Help protect your organization from malicious impersonation-based phishing attacks.

Learn more

Frequently asked questions

  • Password security helps protect your data from bad actors by detecting and blocking known weak passwords, their variants, and any additional weak terms specific to your organization.

    Passwords are the first line of defense against unauthorized access to devices and online accounts. The stronger the password, the better protected your devices, files, and accounts will be.

  • Here are the best ways to protect your passwords:

    • Create strong passwords that are longer than 12 characters, include uppercase and lower-case letters, punctuation marks, and avoid memorable paths on the keyboard or keypad.
    • Avoid using the same password across multiple accounts.
    • Store passwords in a safe place online, such as with a password manager, and offline.
    • Use multi-authentication requiring two or more pieces of identification to gain access to an account.
    • Install antivirus and antimalware software on devices to detect and alert you to suspicious activity.

  • Bad actors use a variety of tactics to steal passwords that include:

    • Brute force attacks, a method that uses trial and error to crack passwords and login credentials to gain unauthorized access to accounts and systems.
    • Credential stuffing, the automated use of stolen usernames and passwords to gain unauthorized access to online accounts.
    • Dictionary attacks, which attempt to break a password by entering every word in the dictionary, using derivatives of those words with character and alphanumeric replacements, and using leaked passwords and key phrases.
    • Keylogging, using a software program to track a user’s keyboard strokes, including PINs, credit card numbers, usernames and passwords.
    • Malware, malicious software designed to harm or exploit computer systems and, in many cases, steal passwords.
    • Password spraying, the use of a single password against many accounts to avoid account lockouts and remain undetected.
    • Phishing, which tricks users into sharing their credentials with hackers impersonating legitimate institutions and vendors.

  • Password strength is the measure of how effective a password is against an attack. A password’s strength depends on its length, complexity, and unpredictability.

  • Strong passwords are the first line of defense against cyberattacks and can help lower the risk of a security breach. They typically are long and include uppercase letters, lowercase letters, numbers, and special characters. Strong passwords should not have any personal information. Some examples are:

    • Pilot-Goose-21-Cheese-Wizard.
    • Pie_Bumpy_Dove_Mac44.
    • Oui.Mister.Kitkat.99.

Follow Microsoft