Microsoft Password Guidance

Microsoft - Research

Microsoft Password Guidance
Microsoft, May, 2016
By Robyn Hicock, Microsoft Identity Protection Team

Webmaster’s Note: While this document may be dated, the recommendations it presents remain solid.


This paper provides Microsoft’s recommendations for password management based on current research and lessons from our own experience as one of the largest Identity Providers (IdPs) in the world. It covers recommendations for end users and identity administrators.


Microsoft sees over 10 million username/password pair attacks every day. This gives us a unique vantage point to understand the role of passwords in account takeover. The guidance in this paper is scoped to users of Microsoft’s identity platforms (Azure Active Directory, Active Directory, and Microsoft account) though it generalizes to other platforms.

Read the Full Article »
Download the PDF »

Table of Contents:

Microsoft Password Guidance - Table of Contents.