Hackers use much of the same data to build tables that assist their attacks, so Microsoft is essentially taking a page from the hackers’ own playbook and trying to use it against them. By preventing the use of any passwords currently on the hackers’ “hot list,” they hope to make all their products more secure. Note that this “banned weak password list” is in addition to the minimum length and character requirements already in place on Microsoft products. While you won’t see any outward differences in the appearance or functionality of these applications, if you try to set a password on the list, you’ll simply be prompted to try again.
A bit heavy-handed? Perhaps, but it is an effective way to help users help themselves and bolster the overall level of security online. The banned list is already in place and currently being used on Outlook, Xbox and Xbox Live, OneDrive and a variety of other services, and will soon be expanded to include Microsoft’s Azure AD login system. Other companies will probably adopt a similar posture in the months ahead or, as Google is doing with its Android OS, move away from passwords entirely and adopt the “Trust API” methodology.
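As an added illustration (not Microsoft's code), the layered check described above can be sketched in Python: the banned-list lookup runs in addition to the length and character rules, so a password that satisfies those rules is still rejected if it is on the list. The list contents, the 8-character minimum, the three-of-four character rule and the case-insensitive comparison are all assumptions made for this example.

```python
import re

# Constructed sample entries; the real banned list is not given on this page.
BANNED = {"password", "p@ssw0rd1", "qwerty123!", "letmein2016"}

MIN_LENGTH = 8  # assumed value; the page gives no number

# Lowercase, uppercase, digit, symbol
CHAR_CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def normalize(password):
    """Assumption: compare case-insensitively and ignore surrounding spaces."""
    return password.strip().casefold()


def complexity_problems(password):
    """Length and character rules, the layer that was already in place."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if sum(bool(re.search(c, password)) for c in CHAR_CLASSES) < 3:
        problems.append("needs 3 of 4 character classes")
    return problems


def check_password(password, banned=BANNED):
    """Return every reason to reject; an empty list means the password is accepted."""
    problems = complexity_problems(password)
    # The banned-list check is additional: it runs even when complexity passes.
    if normalize(password) in {normalize(b) for b in banned}:
        problems.append("on banned list")
    return problems


if __name__ == "__main__":
    for candidate in ["P@ssw0rd1", "password", "Tr4vel-maps-89"]:
        reasons = check_password(candidate)
        verdict = "accepted" if not reasons else "try again: " + ", ".join(reasons)
        print(f"{candidate!r}: {verdict}")
```

The first sample shows why the extra layer matters: `P@ssw0rd1` meets every length and character rule and is rejected only because it appears on the list.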