About 20 percent of Microsoft Account users whose usernames turn up on lists of credentials compromised in hack attacks on other service providers are using the same password on both, the company has said.
People re-use passwords and login details across services from different providers, Microsoft Account group manager Eric Doerr noted in a blog post on Sunday. That reuse means that if one set of logins is compromised, other accounts are at risk.
"These attacks shine a spotlight on the core issue — people reuse passwords between different websites," said Doerr, speaking after the Yahoo breach last week that exposed 400,000 user details. "On average, we see successful password matches of around 20 percent of matching usernames."
Doerr revealed the figure in a run-down of some Microsoft Account security practices, meant to reassure customers after the Yahoo hack. Microsoft Account is a single sign-on tool for Microsoft services such as SkyDrive, Hotmail, Xbox and Messenger.
Comparing lists
Microsoft regularly gets lists of compromised third-party login details from ISPs, law enforcement and vendors, as well as from lists published on the internet by hackers, according to Doerr. An automated process checks this information against Microsoft Account login details for any overlap: for usernames that appear in both, it tests whether the leaked password also works on the Microsoft Account. While 20 percent is the average match rate, in one recent breach it was only 4.5 percent, said Doerr.
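The check described above, written out as an added example (not Microsoft's code): a leaked "username:password" dump is normalised and compared against a local user store that holds only salted hashes, so the only question asked is "does this leaked password verify against our hash for the same username". The PBKDF2 store, the dump format and the sample accounts are all assumptions constructed for the demo; the reported rate is matches as a share of overlapping usernames, the figure Doerr quotes.

```python
"""Check a third-party breach dump against a local user store.

Added example, not Microsoft's code. It assumes a user store that keeps
usernames beside salted PBKDF2-HMAC-SHA256 hashes, and a dump of
"username:password" lines; both are constructed inline below.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the hypothetical store


def normalize(username: str) -> str:
    """Usernames in dumps vary in case and whitespace; compare canonically."""
    return username.strip().lower()


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_user_store(plain_accounts):
    """Build {username: (salt, hash)}; plaintexts are used only to seed the demo."""
    store = {}
    for username, password in plain_accounts:
        salt = os.urandom(16)
        store[normalize(username)] = (salt, hash_password(password, salt))
    return store


def parse_dump(text: str):
    """Yield (username, password) from 'user:pass' lines, skipping junk lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, _, password = line.partition(":")  # passwords may contain ':'
        yield normalize(user), password


def match_dump(store, dump_text: str):
    """Return (overlap, matched) as sets of local usernames.

    overlap: dump usernames that also exist locally (warn these users).
    matched: overlap users whose leaked password verifies against our stored
    hash, i.e. they reused it here; lock and force a reset for these.
    """
    overlap, matched = set(), set()
    for user, leaked_pw in parse_dump(dump_text):
        if user not in store:
            continue
        overlap.add(user)
        salt, stored = store[user]
        if hmac.compare_digest(hash_password(leaked_pw, salt), stored):
            matched.add(user)
    return overlap, matched


def match_rate(overlap, matched) -> float:
    """Matches as a share of overlapping usernames (the figure the article quotes)."""
    return len(matched) / len(overlap) if overlap else 0.0


# Constructed sample data (not real accounts or a real dump).
LOCAL_ACCOUNTS = [
    ("alice@example.com", "correct horse battery staple"),
    ("bob@example.com", "hunter2"),
    ("carol@example.com", "S3cure!pass"),
    ("dave@example.com", "letmein"),
]
BREACH_DUMP = """\
# constructed third-party dump
Alice@Example.com:correct horse battery staple
bob@example.com:password123
carol@example.com:S3cure!pass
eve@example.com:qwerty
a line with no separator
"""
USER_STORE = make_user_store(LOCAL_ACCOUNTS)

if __name__ == "__main__":
    overlap, matched = match_dump(USER_STORE, BREACH_DUMP)
    print(f"overlap: {len(overlap)}  matched: {len(matched)}  "
          f"rate: {match_rate(overlap, matched):.0%}")
    for user in sorted(matched):
        print("lock and force reset:", user)
    for user in sorted(overlap - matched):
        print("warn (username seen in dump):", user)
```

On the constructed data, three of the dump's usernames exist locally and two of those leaked passwords verify, a 67 percent match rate. The split matters operationally: a username match alone only justifies a warning, while a verified password match is the signal to suspend the account and push it through recovery, as the next paragraph describes.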
After a hack attack on another provider, Microsoft monitors its user accounts to see if they are being used to send spam. If it sees signs of criminal activity, it suspends the account, and the affected customer has to go through an account recovery process before being able to log in again.
If Microsoft suspects, but is not certain, that there has been a breach, it will ask customers to reset their passwords.
The company also uses behavioural monitoring technology similar to that used by banks to log patterns of access and location, to see if an attempted login is suspicious. The technology can block the attempt, or ask an additional identity question to decide whether to grant access.
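A small version of that behavioural check, as an added example that is not Microsoft's code: a per-account profile is built from successful logins only, and each new attempt is compared with it. Travel faster than an airliner since the last good login is refused outright; a new country or device is allowed only after an extra challenge. The log format, the 900 km/h threshold and the three outcomes are assumptions, and the login history is constructed.

```python
"""Risk-score a login attempt from an account's access history.

Added example, not Microsoft's code; it sketches the kind of behavioural
check the article describes. The log format, the "impossible travel" speed
threshold and the allow/challenge/block outcomes are all assumptions.
"""
from collections import defaultdict
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumption: faster than an airliner is not a person

# Constructed login history: time, user, outcome, country, city, lat, lon, device.
LOGIN_LOG = """\
2012-07-10T08:00:00Z alice ok GB London 51.51 -0.13 dev-a1
2012-07-10T19:30:00Z alice ok GB London 51.51 -0.13 dev-a1
2012-07-11T08:05:00Z alice ok GB Manchester 53.48 -2.24 dev-a1
2012-07-12T09:00:00Z bob ok US Seattle 47.61 -122.33 dev-b1
2012-07-12T09:20:00Z bob fail US Seattle 47.61 -122.33 dev-b1
"""


def parse_event(line: str) -> dict:
    ts, user, outcome, country, city, lat, lon, device = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "user": user, "outcome": outcome, "country": country, "city": city,
        "lat": float(lat), "lon": float(lon), "device": device,
    }


def parse_log(text: str) -> list:
    return [parse_event(line) for line in text.splitlines() if line.strip()]


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points on an Earth of radius 6371 km."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def build_profiles(events):
    """Per-user profile from successful logins only; failures must not teach it."""
    profiles = defaultdict(lambda: {"countries": set(), "devices": set(), "last": None})
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["outcome"] != "ok":
            continue
        p = profiles[e["user"]]
        p["countries"].add(e["country"])
        p["devices"].add(e["device"])
        p["last"] = e
    return profiles


def assess(profile, attempt):
    """Return (decision, reasons); decision is "allow", "challenge" or "block"."""
    reasons = []
    last = profile["last"]
    if last is not None:
        km = haversine_km(last["lat"], last["lon"], attempt["lat"], attempt["lon"])
        # Treat anything under a minute as one minute so a same-second retry
        # from elsewhere is still judged by distance rather than divided by zero.
        hours = max((attempt["ts"] - last["ts"]).total_seconds() / 3600, 1 / 60)
        if km / hours > MAX_PLAUSIBLE_KMH:
            reasons.append(f"impossible travel: {km:.0f} km in {hours:.1f} h")
            return "block", reasons
    if attempt["country"] not in profile["countries"]:
        reasons.append(f"new country {attempt['country']}")
    if attempt["device"] not in profile["devices"]:
        reasons.append(f"new device {attempt['device']}")
    return ("challenge" if reasons else "allow"), reasons


if __name__ == "__main__":
    profiles = build_profiles(parse_log(LOGIN_LOG))
    for line in (
        "2012-07-11T13:00:00Z alice attempt GB London 51.51 -0.13 dev-a1",
        "2012-07-11T13:05:00Z alice attempt GB Edinburgh 55.95 -3.19 dev-x9",
        "2012-07-11T09:05:00Z alice attempt NG Lagos 6.52 3.38 dev-a1",
    ):
        attempt = parse_event(line)
        decision, reasons = assess(profiles[attempt["user"]], attempt)
        print(attempt["user"], attempt["city"], "->", decision, reasons)
```

Building the profile from successful logins only is the important design choice: if failed attempts fed the profile, an attacker could "teach" the system a new country or device before trying a stolen password. An account with no history at all falls through to a challenge on its first attempt, which is the safe default.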
Tightening security
The Microsoft Account team is working on tightening up security, Doerr said. The current 16-character limit on password length is set to increase, to make brute force attacks more difficult, for example. However, Microsoft is having problems making passwords longer because of its ecosystem, he noted.
"Unfortunately, for historical reasons, the password validation logic is decentralised across different products, so it's a bigger change than it should be and takes longer to get to market," Doerr said.
Yahoo, Gmail, Hushmail, Yandex and MyOperaMail all allow password lengths of 30 characters, as one Microsoft account holder, MondayBlues, pointed out in a comment.
Doerr noted that people using SkyDrive device-synchronisation software and buying products on Xbox.com are required to use two-factor authentication. Microsoft is working on implementing this security measure in more products and services, he said, but did not specify which.