Reddit Resets 100k Recycled Passwords
Sometimes recycling isn’t good, especially when it comes to taking old passwords and re-using them for new accounts. Reddit has announced that it was forced to reset 100,000 passwords in the past two weeks for accounts which have been compromised by malicious third parties. The site itself does not have a security problem, but due to several recent password dumps, including the release of over 100 million LinkedIn credentials, cybercriminals have been able to re-use the leaked passwords across various sites.
Reddit is a combination bulletin board, social network and user-generated news site. According to the company, “even the best security in the world won't work when users are reusing passwords between sites.” As part of the announcement, the company noted that it has considered introducing two-factor authentication, allowing users to log in to the website using two different components, such as a password and a unique one-time code. The company also recommends using a password manager to help users maintain a set of unique and complex passwords.
In related news, Microsoft announced that it is banning commonly used passwords for a number of its services, including Xbox Live and OneDrive. According to a post on the company’s security blog, “When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common – we both analyze the passwords that are being used most commonly. Bad guys use this data to inform their attacks…What *we* do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won’t work.”
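A check of the kind Microsoft describes can run at the moment a user sets or changes a password. The Python below is an added example, not Microsoft's or Reddit's code: the banned list, the substitution table and the one-edit tolerance used for "near" are all constructed assumptions.

```python
import re

# Constructed sample list (assumption); a real service would load the
# passwords currently seen most often in breach dumps and attack traffic.
BANNED = {"password", "123456", "qwerty", "letmein", "linkedin"}

# Common character substitutions undone before comparison (assumed set).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})


def normalize(password: str) -> str:
    """Lower-case, drop a trailing digit/symbol suffix, undo substitutions."""
    folded = password.lower()
    if folded.isdigit():                  # keep all-digit passwords intact
        return folded
    stem = re.sub(r"[\d\W_]+$", "", folded)   # "password2016!" -> "password"
    return stem.translate(LEET)


def within_one_edit(a: str, b: str) -> bool:
    """True if a equals b or differs by one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                       # make a the shorter (or equal) one
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]     # at most one substituted character
    return a[i:] == b[i + 1:]             # at most one extra character in b


def is_banned(password: str, banned=BANNED) -> bool:
    """Reject a password that is on, or one edit away from, the banned list."""
    candidates = {password.lower(), normalize(password)}
    return any(within_one_edit(c, b) for c in candidates for b in banned)


if __name__ == "__main__":
    for pw in ["P@ssw0rd1", "Password2016!", "1234567", "qwertz",
               "correct horse battery staple"]:
        print(f"{pw!r}: {'rejected' if is_banned(pw) else 'accepted'}")
```

Rejecting near-matches as well as exact ones is what stops a user from satisfying the rule by appending a year or swapping a letter for a symbol, which are the first variations a guessing list tries.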
The latest Microsoft Security Incident Report announced that the company records over 10 million attempted attacks on its user accounts every day.