
Microsoft Warns 1 Billion Windows Users—Do Not Use Password
This headline on Forbes is not quite as strange as it looks at first. The article is about how Microsoft is trying to move that huge number of users from passwords to passkeys for their Microsoft accounts — not their PCs. According to the article, this is a security move prompted by the “7,000 attacks on passwords [blocked] per second… almost double from a year ago” against their account infrastructure.
That’s a huge volume of attacks. If you do the math, that’s over 220 billion attempts per year to crack into user accounts at Microsoft.
So you think that leaves little, insignificant users like you and me unaffected because the crackers are spending all their time on the big targets? You’d be wrong. I experience hundreds of attempts to crack my firewall passwords every day. Not the same volume, but not insignificant, either. And it’s not because I run a popular web site either. Crackers do concentrate on the juicy targets, but they also search out the small, probably less well-protected targets.
That’s what we all are, you know. We’re targets to the crackers.
What Microsoft is doing is a really good thing. I’m not in the habit of praising M$, but you probably already know that.
The problem is that M$ is doing it so late in the game. How many of those billion accounts are already cracked and being exploited?
The technology they’re using is Public/Private Key Pairs, PPKP to use the acronym. It’s technology that I and millions of Linux and Unix users have been taking advantage of for decades. No — that’s not all Linux users, but it’s mostly those of us who run websites or other servers and need to log in remotely to perform maintenance and monitoring.
I’m going to go with Microsoft’s recommendation on this one. Switch over to use what they call “passkeys” as soon as possible.
Don’t wait! Do it NOW!
Please.