Microsoft Says Strong Passwords Are Unnecessary

Ask any number of Internet security experts and they’ll tell you that having strong passwords for your online accounts is generally a good idea. They’ll tell you that strong passwords don’t contain any real words or personally identifiable information. They’ll tell you to use upper- and lower-case characters, as well as numbers and symbols. And when it comes to strong passwords, the longer the better. Ask Microsoft and they’ll tell you that strong passwords are a waste of time.

That’s not completely true, but a recent report from Microsoft says that dealing with all of these unique strong passwords could be more trouble than it is worth. When it comes to “low priority” accounts that you have, perhaps like Imgur or Reddit, having an easier-to-remember “weak” password is probably all you need. When it comes to higher priority accounts, strong passwords are still recommended. That would be for online banking and Google, for instance, as well as with some services like Facebook.

The reason I mention Google and Facebook in particular is that you can use these services to “sign in” to other services. If your Facebook account gets compromised, the hacker can then have access to all the sites where you use Facebook to log in. In light of the recent Heartbleed scare, many of us have gone around changing passwords everywhere, but what inevitably happens? We forget those increasingly complex and obscure passwords with all the symbols and numbers everywhere. We end up hitting that “forgot password?” link to reset them time and time again.

Microsoft recommends against using password managers like 1Password and LastPass. Again, if your account there is compromised, the hacker has free run over all of your associated accounts. They say you’re just trading “one set of risks for another.” That’s not good. You could try using a secure USB key, but that adds another layer of inconvenience. You should be using two-step authentication where available, though, and make sure you put a password on your smartphones and tablets. You typically stay logged into your apps on mobile devices, after all.


Via The Guardian
