Don’t Wait for Microsoft to Reset Your Account Password
Microsoft’s decision to reset passwords for 44 million accounts is actually good. If your account is affected, thank Father Gates because Microsoft is warning you that it has searched a database of over three billion leaked accounts and found information that belongs to you.
Microsoft has been forcibly resetting accounts for much of 2019. Whether you have been asked to create a new password or not, a recent security report from Microsoft offers the following suggestions for those looking to further secure their accounts going forward:
“Given the frequency with which passwords are reused by multiple people, it is very important to back up the password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security. Our numbers show that 99.9% of identity attacks were prevented by enabling MFA. You can learn about Microsoft Azure MFA here. Microsoft also offers solutions to help protect customers from replay attacks. This includes the ability to mark users as high risk users and to inform the administrator to force a password reset.”
Account security is your job, not Microsoft’s
To be honest, Microsoft shouldn’t have to do this. I’m glad they are, and I would like all companies to be just as diligent about protecting their usernames. But you have this power, too.
First, you should always enable two-factor authentication for any account that offers it, period. It is easy to determine which companies and services allow you to do this, and it takes little time to set up. While this does not guarantee perfect security, it makes it much more difficult for an attacker to hack into your account, even if they know your username and password.
Then go to Have I Been Pwned? and enter the email address you use for your accounts, possibly your primary email address. Pull up your accounts for any services that appear on the list of hacks and change their passwords. (And check if these services offer 2FA too.)
If you’d rather automate this, you have a variety of options. Tools like Firefox Monitor and Google Password Checkup can tell you when your credentials have been compromised. Popular password managers like 1Password, LastPass, and KeePass (with the plugin) can also notify you when your saved credentials have been compromised.
There is really no reason why you shouldn’t be using a password manager at this time. Yes, many of the best options (like 1Password) cost money ($3 a month), but the convenience and security are worth the money. If you prefer not to spend money, LastPass offers a free basic version.
Stop using the same damn password
In addition to these steps, normal password rules apply. Use password managers (or your favorite online generator) to create long, strong and complex passwords that you can store in your favorite password manager. Each site and service must receive a unique password; if you are lazy and use the same password for multiple sites, it takes only one breach and you will have to change all your passwords again.
(I am currently doing this because I have … too many services that I use similar passwords to access, and I will spend part of my vacation replacing all of them. I am not looking forward to it.)
But in fact, that’s all. It is not that hard to protect yourself from most hacks that expose your account credentials. It only takes three steps:
- Use unique passwords for each site and service
- Turn on two-factor authentication wherever possible
- Find a way to stay on top of hacked accounts and change passwords whenever they are hacked.
While that doesn’t mean you’ll never have a bad day with a security breach – especially if someone finds a way to hack your password manager or otherwise finds a way to hack your two-factor authentication application – I can safely say that these three steps should keep you safe from most of the account problems you will encounter.
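The first and third steps can be checked with a short script. This is an added example, not part of the original article: it flags reused passwords in a list of saved logins and looks each one up through the Pwned Passwords range API from Have I Been Pwned, which is sent only the first five characters of the password's SHA-1 hash. The site names, the sample passwords and the `fetch_range` parameter are assumptions made for the example.

```python
import hashlib
import urllib.request
from collections import defaultdict

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def fetch_range_online(prefix):
    """Download all known hash suffixes that share a 5-character SHA-1 prefix."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "password-audit-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch_range=fetch_range_online):
    """Return how often the password appears in the breach corpus (0 if never).

    fetch_range is a hypothetical hook so the lookup can be replaced offline.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    # Each response line has the form "<35-char hash suffix>:<count>".
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def find_reuse(logins):
    """Return groups of sites that share one password (groups of two or more)."""
    sites_by_hash = defaultdict(list)
    for site, password in logins:
        key = hashlib.sha256(password.encode("utf-8")).hexdigest()
        sites_by_hash[key].append(site)
    return sorted(sorted(s) for s in sites_by_hash.values() if len(s) > 1)


def audit(logins, fetch_range=fetch_range_online):
    """Return (reused site groups, {site: breach count}) for (site, password) pairs."""
    counts = {site: pwned_count(pw, fetch_range) for site, pw in logins}
    return find_reuse(logins), {site: n for site, n in counts.items() if n}


# Constructed sample data: made-up sites and passwords, not real accounts.
SAMPLE_LOGINS = [
    ("mail.example", "password"),
    ("shop.example", "password"),
    ("bank.example", "kV7#tq9!Lm2$zR8w"),
]
```

Calling `audit(SAMPLE_LOGINS)` performs the live lookups; any site it returns in either result needs a new, unique password.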
Yes, you can get even crazier and start protecting yourself with hardware tokens and stuff, but if everyone took these basic steps, imagine how much more secure the world’s accounts would be. Dramatic? Yes, but important.