Posey's Tips & Tricks

What's Behind the Rumored Office 365 Password Manager

Microsoft is said to be planning a new "Life" edition of Office 365 for spring 2020, but Brien is most intrigued by the password manager that's reportedly coming with the bundle.

• By Brien Posey
• 01/08/2020

Although there has not been any official confirmation from Microsoft yet, there are widespread rumors that Microsoft is planning to release a new edition of its Office 365 suite this spring. The new edition, which will supposedly be called "Microsoft 365 Life," will be geared toward consumers and home users.

The rebranding of Microsoft's consumer-oriented Office subscription service doesn't surprise me. After all, Microsoft's marketing department is notorious for these sorts of rebranding efforts. The applications in the Windows app store, for example, were previously known as "metro" apps, then "modern" apps, then eventually Windows Store apps.

The one thing about the Microsoft 365 Life rumors that did get my attention, however, was that Microsoft is rumored to be including a password manager in the bundle.

There are several reasons why I found the inclusion of a password manager to be significant. First, it seems completely plausible that Microsoft will use Microsoft 365 Life as a testbed for its new password manager (assuming that the rumors are true). As the company matures the password manager, though, it will likely roll it out to other Office 365 subscribers.

Admittedly, I have had mixed success with my technology predictions over the years. Even so, I am guessing that the 2.0 version of the password manager will find its way into Office 365 enterprise subscriptions. I am also guessing that we will eventually see the introduction of an Office group policy template with settings that can be used to enforce the use of the new password manager and control its various settings.

Another reason I found the prospect of an Office-embedded password manager to be so interesting is that Microsoft recently abandoned a decades-old best practice when it told its customers that they no longer need to worry about periodically changing their passwords.

At first, introducing a password manager might seem to fly in the face of this newfound password freedom. When you really stop to think about it, though, a password manager is probably a good fit for Microsoft's new policy. After all, if you are going to relax your password policy requirements, then it is important for users to use strong passwords and to avoid using the same password on multiple sites. Having a password manager can help users do just that.

Admittedly, the rumors indicate that the password manager is going to be bundled with an Office subscription that is intended for use by home users, and home users are not subject to corporate password policies. Even so, a well-designed password manager can help home users develop good password habits. And if or when the password manager does eventually make it into the enterprise, it will presumably be a helpful resource for helping organizations keep their users' passwords more secure.

Finally, I just can't help but wonder if the alleged inclusion of a password manager in Office 365 has something to do with Microsoft's recent announcement that it had discovered that 44 million Microsoft account passwords had been compromised.

If you haven't heard about this one yet, Microsoft recently discovered that there are roughly 44 million Azure Active Directory and Microsoft services (such as Hotmail) accounts that are vulnerable to hijacking because those accounts are using passwords that are known to have been compromised.

Even though the story of the 44 million vulnerable accounts has only recently begun to make headlines, several online sources indicate that Microsoft actually made the discovery back in the first quarter of 2019. If that is true, then Microsoft would have had plenty of time to figure out a strategy for dealing with the compromised passwords.

I have heard that Microsoft is forcing users with vulnerable accounts to reset their passwords, but it seems likely that Microsoft is going to use its new password manager as a tool to reduce the chances of a repeat discovery (of tens of millions of vulnerable accounts) in the future.

As it stands right now, there is no official confirmation of the Microsoft 365 Life rumors or the password manager rumors. Given the history of Microsoft news leaks, however, I am inclined to believe that the rumors are true. We will just have to wait and see.