UPDATED 03:29 EDT / JULY 16 2014

Microsoft says bad passwords are a good idea

Microsoft has turned best password safety practices on their head with a new study which argues that, contrary to popular wisdom, sometimes you do need to use bad passwords, and you should reuse these on multiple websites.

Reusing passwords has become haram in the eyes of most web security experts. That’s because the logical assumption is that if a hacker is able to obtain your credentials for one site, he or she will naturally attempt to use them to gain access to other websites too.

But Microsoft researchers Dinei Florencio and Cormac Herley, alongside Paul C. van Oorschot of Carleton University, Canada, have questioned that theory in a new study, titled Password portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts.

According to the trio, it would be better to reuse simple passwords on ‘low risk’ websites, and save your more complex codes for important sites. Which means using the same easy to remember password for sites that don’t store any important data, and unique ones for your bank, email, social media accounts, work logins, and anything else you consider valuable.

“The rapid decline of [password complexity as recall difficulty] increases suggests that, far from being unallowable, password re-use is a necessary and sensible tool in managing a portfolio,” the authors note. “Re-use appears unavoidable if [complexity] must remain above some minimum and effort below some maximum.”

In other words, Microsoft’s researchers actually recognize one of the realities of life – complex passwords are difficult to remember, and that can be incredibly annoying, which is why many people don’t bother. They also recognize that many people are totally unconcerned by security.

A recent survey in the UK found that most British people use the same five passwords across an average of 26 websites, with one in 25 using just a single password for everything. Interestingly, that study also shoots holes in the common practice of enterprises forcing users to change passwords at regular intervals – it claims this is counter-productive, as it encourages people to use weaker passwords that are easier to remember.

Algebra lovers and other interested people can read the Microsoft researchers’ paper for a more detailed explanation of their recommendations here.

Image credit: geralt via Pixabay.com
