Experts from Microsoft have insisted that it remains a sensible idea for the greater good to continue using easily-hackable passwords on low-risk websites and to reuse said passwords for multiple accounts. The vast majority of major technology companies have over recent weeks and months been stepping up their campaigns to urge and encourage the use […]
Experts from Microsoft have insisted that it remains a sensible idea for the greater good to continue using easily-hackable passwords on low-risk websites and to reuse said passwords for multiple accounts.
The vast majority of major technology companies have over recent weeks and months been stepping up their campaigns to urge and encourage the use of ultra-strong passwords. Those favoring the old standards of “Password” or “123456” or “ABCDEF” for example have been near-universally panned for their blatant flouting of common sense advice, as too have those reusing the same passwords over and over again.
So, why it is that Microsoft is now insisting that part of safe-practice for password use should indeed include the reuse of passwords across multiple sites?
Once a hacker gains entry to a site using a password, chances are they’ll then try it out on every other site linked to the primary site to try and gain entry…password reuse being to blame if they manage it. However, a trio of bigwigs from Microsoft have made the somewhat surprising call for web users to continue using repeat-password approaches in certain scenarios.
According to Cormac Herley and Dinei Florencio who teamed up with Carleton University’s Paul C. van Oorschot, as far as low-risk websites are concerned then password reuse is both ok and to some extent encouraged. They insist that when there’s nothing of value to protect then it’s more than acceptable to reuse simple passwords – the really meaty passwords by contrast being saved for high-risk sites.
“The rapid decline of password complexity as recall difficulty increases suggests that, far from being unallowable, password re-use is a necessary and sensible tool in managing a portfolio,” they advised.
“Re-use appears unavoidable if complexity]must remain above some minimum and effort below some maximum.”
And there you have it – save the tricky stuff for your banks and business sites, but feel free to go back to easy and truly-hackable passwords for any sites that don’t count for jack…Redmond says it’s fine!
