UPDATED 03:29 EDT / JULY 16 2014

Microsoft says bad passwords are a good idea

Microsoft has turned best password safety practices on their head with a new study which argues that, contrary to popular wisdom, sometimes you do need to use bad passwords, and you should reuse these on multiple websites.

Reusing passwords has become haram in the eyes of most web security experts. That’s because the logical assumption is that if a hacker is able to obtain your credentials for one site, he or she will naturally attempt to use them to gain access to other websites too.

But Microsoft researchers Dinei Florencio and Cormac Herley, alongside Paul C. van Oorschot of Carleton University, Canada, have questioned that theory in a new study, titled Password portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts.

According to the trio, it would be better to reuse simple passwords on ‘low risk’ websites, and save your more complex codes for important sites. That means using the same easy-to-remember password for sites that don’t store any important data, and unique ones for your bank, email, social media accounts, work logins, and anything else you consider valuable.

“The rapid decline of [password complexity as recall difficulty] increases suggests that, far from being unallowable, password re-use is a necessary and sensible tool in managing a portfolio,” the authors note. “Re-use appears unavoidable if [complexity] must remain above some minimum and effort below some maximum.”

In other words, Microsoft’s researchers actually recognize one of the realities of life – complex passwords are difficult to remember, and that can be incredibly annoying, which is why many people don’t bother. They also recognize that many people are totally unconcerned by security.

A recent survey in the UK found that most British people use the same five passwords across an average of 26 websites, with one in 25 using just a single password for everything. Interestingly, that study also shoots holes in the common practice of enterprises forcing users to change passwords at regular intervals – it claims this is counter-productive, as it encourages people to use weaker passwords that are easier to remember.

Algebra lovers and other interested people can read the Microsoft researchers’ paper for a more detailed explanation of their recommendations here.

Image credit: geralt via Pixabay.com
