Thanks to copycat passwords, hackers love Microsoft

According to ZDNet, one out of every five Microsoft Account logins is compromised in some way thanks (or should we say, no thanks) to hackers.

In a company blog post, Microsoft Account group manager Eric Doerr said many people use duplicate login information across a number of websites and applications. As such, when one account is hacked, notably Microsoft Accounts (formerly Windows Live ID), others are put at risk.

“This highlights the longstanding security advice to use unique passwords, as criminals have become increasingly sophisticated about taking a list of usernames and passwords from one service and then ‘replaying’ that list against other major account systems,” Doerr said in the blog post. “When they find matching passwords they are able to spread their abuse beyond the original account system they attacked.”

In an attempt to allay security concerns, Doerr detailed some of the steps undertaken by Microsoft as part of its layered security methods.

To address issues related to duplicate login information, the company double-checks its own records against lists of compromised accounts from elsewhere. Once a compromised login is identified, Doerr said Microsoft then monitors the account.

“If we do see signs of criminal activity, we suspend the account and ask the rightful owner to go through account recovery to regain control, he wrote. “In other cases we simply ask the customer to change their password (before any harm can be done).”

The blog post also detailed some additional steps Microsoft is taking up to make its accounts harder for hackers to access. In particular, the company’s password limit will expand beyond the current 16 character limit, according to ZDNet.

Are you surprised to hear so many Microsoft accounts are compromised? What layered security methods do you use to prevent hackers?