Web users urged to re-use old passwords

By Sophie Curtis (China Daily) Updated: 2014-08-09 07:31

The conventional wisdom that web users should always use strong passwords that are never repeated has been challenged in a new report.

Researchers at Microsoft claim that many web users struggle to remember a long list of complex passwords. They therefore recommend that users only use strong passwords for websites that hold sensitive information, such as banking sites.

For low-risk websites, such as blogs, the researchers suggest that web users divide their accounts into groups, according to sensitivity, and use the same memorable password for all the accounts in each group.

Microsoft argues that reducing the pressure on web users to remember complex passwords for every website they visit makes them more likely to put effort into choosing strong passwords for the sites that matter.

"Our findings directly challenge some conventional wisdom," Dinei Florencio and Cormac Herley from Microsoft Research and Paul van Oorschot from Carleton University in Canada wrote in their report.

"We find, for example, that a portfolio strategy ruling out weak passwords or password re-use is sub-optimal."

The researchers explained that, while a wide range of service providers, campaigners and government entities stress that passwords should be random and strong, and should not be re-used across accounts, this advice is regularly ignored by consumers.

Analysis of leaked password datasets, such as the 32 million passwords exposed in a hack of the RockYou website in 2009, revealed that a huge number of users still use weak passwords like 123456 and Password.
