Microsoft requires strong passwords

In the age of cyberattacks and data breaches, password security is more important than ever. Microsoft has just announced a new set of rules for Windows 10 sign-ins that would require users to use strong passwords with a minimum length of 14 characters – but does this increase in security translate to increased usability?

What happened?

Given that users are careless when choosing a password, Microsoft has changed the game’s rules.

Research has repeatedly shown that the list of most popular passwords is topped by “hard-to-guess” strings such as 123456, password, or qwerty. This is not so surprising if we assume that many registrations are forced (for example, there are more and more online shops, most of which only allow you to buy after registration); in such cases, it is even better not to register with the standard password you would typically use.

However, many people are so “lax” with “throwaway” accounts when registering for Facebook, Microsoft, and other important sites. The latter company has decided to banish weak passwords, so those who sign up now or are thinking of changing their password will no longer choose the three passwords above. Nor can they choose from the strings that have appeared on similar lists recently, as Microsoft has neatly disabled them. And the list of banned passwords will be regularly updated in the future to ensure that new character sets that have emerged do not weaken systems.

The question arises as to why Microsoft does not prefer to ask users to change their passwords regularly; the fact is that research also shows that most users find this a nuisance, and since everyone tries to make passwords easy to remember, the pattern of forced changes is predictable. In other words, this method does not strengthen security and weakens it.

Microsoft’s move is welcome, but it must be seen that it will not solve the problem in the long term. However, until the industry has a clearer idea of the alternative method, we hope more people will follow the Redmond manufacturer’s example. Ultimately, it is in everyone’s interest.


Ever since the advent of the internet, passwords have been a requirement for every account. Many people don’t put much thought into them, which leaves their accounts vulnerable to many attacks from hackers. Microsoft has taken this issue head-on by becoming one of the first major companies to require strong passwords. They have set up a complex system that requires passwords to at least be 14 characters long and include upper- and lowercase letters, numbers, and symbols.