Now they tell us: Microsoft says strong passwords are overrated

You know all the time and trouble you put into making and memorizing unique strong passwords for every website you visit? Well, Microsoft says a lot of that was likely misspent energy. The Guardian informs us that new research from Microsoft (PDF) shows that we probably shouldn’t use strong passwords for all our websites and that having weak passwords will suffice in many circumstances.

Microsoft does say that unique strong passwords have their uses, of course; it’s just that they should be saved for websites that really do contain sensitive information, such as online banking. Microsoft also points out the risks of using password managers like 1Password and LastPass — namely, if a hacker somehow figures out how to hack into your password vault, you’re basically screwed because they’ll be able to access every one of your online accounts all in one place.

“Strategies to cope with the human impossibility of using strong passwords everywhere without re-use include single-sign-on, use of email-based password reset mechanisms, and password managers,” the researchers write before noting that the “main risk” with these strategies is that “portability across different client devices is lost as the passwords (if they are unique and random) are effectively anchored to the client on which they are stored.”

So instead of using password managers or creating complex passwords for every site, you should feel free to use simple passwords for, say, your Reddit and Disqus accounts while saving your most complicated and unique passwords for your bank account.
