Friday, 18 July 2014

Research: reusing bad passwords not necessarily a bad idea

Slashdot has a post that links to a recent Microsoft research paper titled "Password Portfolios and the Finite-Effect User: Sustainably Managing Large Numbers of Accounts" (16 page pdf).  From the abstract: 
We explore how to manage a portfolio of passwords. We review why mandating exclusively strong passwords with no re-use gives users an impossible task as portfolio size grows... Our findings directly challenge accepted wisdom and conventional advice.
Or, as Slashdot explains it, not only do they recommend reusing passwords, but reusing bad passwords for low risks sites to minimize recall difficulty.

No comments: