As Microsoft pats itself on the back for its crackdown on easily cracked passwords, keep this in mind: a quick check shows users still have plenty of leeway to make poor choices.

As a Microsoft program manager announced earlier this week, the Microsoft Account Service used to log in to properties such as Xbox Live, OneDrive, and Azure has been dynamically banning commonly used passwords during the account-creation or password-change processes.

But the measure is most likely intended to thwart only so-called online password cracking.

Still, the acceptance of "Pa$$w0rd1" by Google and Microsoft just goes to show that blacklisting has its limits, and there's only so much service providers can do to save users from their own poor habits.

A move like that would quickly come to resemble the vexing CAPTCHAs that all too often are impossible to solve on the first few tries.

Of course, there's a more effective measure: any account that stores even moderately sensitive information should be protected by a password that's randomly generated, contains numbers, symbols, and upper- and lower-case letters, is at least nine characters in length, and is unique for each account.
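The two ideas above (a blacklist of common passwords consulted at account creation, and a generated password that meets a length and character-class policy) can be shown side by side. The following is an added example written for this page, not Microsoft's or Google's code; its blacklist, its leetspeak substitution table and the `meets_policy` rules are constructed assumptions. It shows why "Pa$$w0rd1" slips past an exact-match blacklist but is caught once the candidate is normalized before lookup, and then generates a password that satisfies the recommended policy.

```python
import secrets
import string

# Constructed sample blacklist of commonly used passwords (lowercase).
# A real deployment would load a much larger list; this one is for illustration.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein"}

# Hypothetical substitution table: undo the symbol-for-letter swaps that
# users apply to get a banned word past a blacklist.
LEET_MAP = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i", "3": "e", "!": "i"})

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def naive_blacklisted(password):
    """Exact, case-sensitive lookup: the weakest form of a blacklist check."""
    return password in COMMON_PASSWORDS


def candidates(password):
    """Forms of the password that should all be compared against the list:
    lowercased, with leetspeak undone, and with trailing digits removed."""
    p = password.lower()
    forms = {p, p.translate(LEET_MAP)}
    stripped = p.rstrip(string.digits)
    if stripped:  # keep all-digit passwords such as "123456" intact
        forms.add(stripped)
        forms.add(stripped.translate(LEET_MAP))
    return forms


def normalized_blacklisted(password):
    """Blacklist lookup after normalization; catches "Pa$$w0rd1" as "password"."""
    return any(form in COMMON_PASSWORDS for form in candidates(password))


def meets_policy(password):
    """Policy from the text: at least nine characters, mixed case, digits and
    symbols, and (added here) not a normalized blacklist hit."""
    return (
        len(password) >= 9
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
        and not normalized_blacklisted(password)
    )


def generate_password(length=16):
    """Draw a random password from a CSPRNG until it satisfies the policy."""
    if length < 9:
        raise ValueError("length must be at least 9")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw):
            return pw


if __name__ == "__main__":
    for sample in ("Pa$$w0rd1", "Password1", "123456"):
        print(sample, "naive:", naive_blacklisted(sample),
              "normalized:", normalized_blacklisted(sample))
    print("generated:", generate_password())
```

The normalization step is what gives the blacklist its reach; without it the check only rejects the literal strings on the list, and the rejection can be evaded by capitalizing one letter or appending a digit. Even with normalization the list can only ever reject what it contains, which is why the generated, unique password remains the stronger measure.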

The text above is a summary; you can read the full article here.