No need to keep that password list handy anymore. Users should use and reuse weak passwords for websites that don’t hold valuable information, say researchers from Microsoft, overturning decades of accumulated wisdom on Internet security, reports Alex Hern of theguardian.com.
By not having to worry about remembering complex unique passwords for every individual website, users can focus their efforts on recalling secure passwords for high-value sites like banking or e-commerce.
Researchers Dinei Florencio and Cormac Herley, from the Redmond-based software company, and Paul C. van Oorschot, from Carleton University in Canada, argue that password managers introduce more problems than they solve. While they allow the use of fully random, completely unique passwords, they also introduce a single point of failure: Users can lose or forget the password to their password manager, or the cloud service that hosts their passwords could be hacked.
So what should users do? The study argues that users should pick and reuse easy-to-remember passwords for low-risk sites, in order to maximize their ability to recall complex unique passwords for high-risk ones. In other words, free up space in your brain to make your banking password as complex as you can recall by using your pet’s name for all the things you don’t care about losing.
Should you give up passwords entirely as The Wall Street Journal’s Christopher Mims did recently when he shared his Twitter password in his weekly column? Mims relied on the power of two-factor authentication, which sends a text message to his phone with a special login code, to keep his account safe, writing that “it might seem foolish to replace an authentication token that you keep in your head (a password) with one you keep in your pocket (like a phone) but consider: The former can be obtained by hackers, and the latter you can shut down the moment it goes missing.”
Only one possible password replacement, the chip and PIN readers common on banking websites, scored full marks on the researchers’ security test, and nothing was as easy to deploy as passwords.
— Adapted from “Microsoft tells users to stop using strong passwords everywhere,” Alex Hern, theguardian.com.