No matter how many times we tell you to change your passwords and make it anything but your birthday, “123456,” or “password,” many still aren’t taking the efforts to make their accounts more secure. So Microsoft is actively doing something about it by banning weak passwords entirely.
The team calls it “dynamically banned,” which means that if your account uses a password that appears in the most-used/stolen password list, Microsoft will force you to create a more complex one instead. This will apply to Microsoft Account and Azure AD services.
In addition, Microsoft will continue using its lockout mode when you’ve guessed the password incorrectly too many times to prevent a hacking attempt. According to the company, this method keeps hackers out 54 percent of the time (the other 46 percent being you genuinely forgetting the password).
For more info on what Microsoft considers to be a strong password, you can check out its research paper here. But if you don’t have the time, just remember this: make it at least 8-characters long, use symbols and/or numbers, capitalization is your friend, and for the love of Christ, name it after anything but your pet. And if you want to get fancy, add two-factor authentication for an extra layer of security.