Why You Need Fresh Passwords For Everything: Hackers Have 20 Percent Of Microsoft Logins

You’ve heard this before and you’ll definitely hear this again: use a different password for every site and service you use.

Really. Do it. No excuses.

Security experts are always banging on about the importance of not recycling passwords across multiple web sites and there is very good reason to pay heed to their advice – if you only use one password and it gets compromised then all of your accounts could be at the mercy of the bad guys.

If you need another warning then Eric Doerr, Microsoft Account group manager, has said that some 20% of all Microsoft account system (formerly known as Windows Live ID) logins have been compromised by hackers. (Twenty percent – that’s a staggering number!) These logins cover several different services such as Messenger, Hotmail and SkyDrive. Said login credentials have not been compromised at Microsoft’s end though – they are based upon details leaked from other web sites.

Doerr writes,

“…Of course, as has been extensively covered, these attacks shine a spotlight on the core issue – people reuse passwords between different websites. This highlights the longstanding security advice to use unique passwords, as criminals have become increasingly sophisticated about taking a list of usernames and passwords from one service and then “replaying” that list against other major account systems. When they find matching passwords they are able to spread their abuse beyond the original account system they attacked…”

Hopefully such commentary will help hammer the point home – DO NOT RE-USE the same password over and over again. If, like me, you have many, many passwords then I can appreciate the difficulties involved in remembering them all. However, there are many password managers out there, such as KeePass, so you really don’t have any excuses.


You may also want to look into shouldichangemypassword.com (thanks to Trevor Gryffyn for highlighting this service to me yesterday), which could give you an indication of whether your account details may already be out in the wild (if they are, change them now!).

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. What about 2-Factor Authentication via SMS? I have it on my email and I like the extra security it offers. You just telesign into your account and you’re good to go. I’m hoping that more organizations start to offer this awesome functionality. In reality this should be a prerequisite to any system that wants to promote itself as being secure.

    • Lee Munson says:

      Potentially excellent but, as you kind of hinted, not many organisations use it at this time unfortunately. If it were more widely adopted then it would be a very good safeguard in my opinion.
