Password Advice Not Feasible in Practice

Researchers argue that widely cited principles of password security are not feasible when applied across a large body of passwords that protect multiple accounts.

Since adhering to the two foundations of password security—that passwords should be random and strong and should not be reused across multiple accounts—places an undue burden on users' memory, the researchers, from Microsoft and Carleton University in Ottawa, Canada, suggest that selective use of weaker passwords is okay.

Still, they hedge:

While the optimal strategy involves selective re-use and weaker passwords, benefits accrue only if the effort saved is re-deployed elsewhere for better returns. Users must not arbitrarily weaken and re-use passwords. The empirical studies are needed to determine if our guidelines can be followed by users.

Start Date: Friday, August 1, 2014