The conventional wisdom that web users should always use strong passwords that are never repeated has been challenged in a new report.
Researchers at Microsoft claim that many web users struggle to remember a long list of complex passwords. They therefore recommend that users only use strong passwords for websites that hold sensitive information, such as banking sites.
For low-risk websites, such as blogs, the researchers suggest that web users divide their accounts into groups, according to sensitivity, and use the same memorable password for all the accounts in each group.
Microsoft argues that, by reducing the pressure on web users to remember complex passwords for every website they visit, they are more likely to put effort into choosing strong passwords for the sites that matter.
"Our findings directly challenge some conventional wisdom," Dinei Florencio and Cormac Herley from Microsoft Research and Paul van Oorschot from Carleton University in Canada wrote in their report.
"We find, for example, that a portfolio strategy ruling out weak passwords or password re-use is sub-optimal."
The researchers explained that, while a wide range of service providers, campaigners and government entities stress that passwords should be random and strong, and should not be re-used across accounts, this advice is regularly ignored by consumers.
Analysis of leaked password datasets, such as the 32 million passwords exposed in a hack of the RockYou website in 2009, revealed that a huge number of users still use weak passwords like 123456 and Password.
Copyright 1995 - . All rights reserved. The content (including but not limited to text, photo, multimedia information, etc) published in this site belongs to China Daily Information Co (CDIC). Without written authorization from CDIC, such content shall not be republished or used in any form. Note: Browsers with 1024*768 or higher resolution are suggested for this site.
License for publishing multimedia online 0108263 Registration Number: 20100000002731 
