Microsoft study shows weak passwords and reuse not so bad



An interesting study from Microsoft Research has shown that using weak passwords and reusing them for various sites might not be so bad after all.

The study, titled “Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts”, was written by Dinei Florencio and Cormac Herley of Microsoft Research and Paul C. van Oorschot of Carleton University, Ottawa, Canada. It points out that while everyone has been telling us all along that we should use strong passwords for everything we do and unique passwords for every account, most of us don't.


As the study says, “most users fall far short of following ‘traditional’ advice on password strength. Evidence also indicates widespread password re-use. While admonitions against this are almost universal, ignoring that advice seems equally universal. Clearly, users find managing a large password portfolio burdensome. Both password re-use, and choosing weak passwords, remain popular coping strategies.”

The study then examines at great length how the traditional approach might not always be the best approach.

“Our findings directly challenge some conventional wisdom. For example, we find: strategies that rule out password re-use or the use of weak passwords are sub-optimal. Both are valuable tools in balancing the allocation of effort between higher and lower value accounts.”

The report essentially recommends that users group their accounts by level of danger. Accounts that contain sensitive information, such as banking, business or other financial information, should have unique, strong passwords that are not reused elsewhere, while casual accounts that hold no financial information could use easier-to-remember passwords.

It makes sense on the surface. Trying to manage a large number of unique, hard-to-remember passwords is difficult, and a lot of people end up writing down all those passwords in a text document stored somewhere on their computer, a practice that is, as the report states, another ‘sub-optimal’ solution.


So, if you’re logging on to a Marvel Comics fan site or signing up for a cupcake-of-the-week email newsletter, go ahead and use your favorite pet’s name, but try to come up with something a bit more original for your banking or online bill-paying accounts.

The report delves into a lot of heavy statistical math and isn’t really intended for casual reading, but if you are fond of equations you can read the full report here.



Guy Wright

Guy Wright has been covering the technology space since the days when computers had cranks and networks were steam powered. He has been a writer and editor for many of the most influential publications over the years – publications that helped shape our current technological zeitgeist. He has lost count of the number of articles, blogs, reviews, rants, and books that he has published over the years, but he hasn’t stopped learning and writing about new things.

