We’re sure you’ve all come across a list of passwords that have been deemed the worst passwords. These passwords are easy and obvious, which allows anyone to log into your account, since it doesn’t really take a genius to figure some of them out. This is why security researchers have suggested using more complex passwords, which would make it harder for your amateur hacker to figure out.
However, in a recent report, two Microsoft researchers, Dinei Florencio and Cormac Herley, along with Paul C. van Oorschot from Carleton University, have suggested that using long and complex passwords might not necessarily be the way to go. Their report, “Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts”, basically takes a look at the best established practices for choosing passwords and whether or not they make sense.
According to their findings, it seems to be a mixed response. Basically the idea is that we should use simple passwords that we can remember for accounts and services that don’t contain critical information such as our credit card details, banking information, home address, and so on. Such services could include forums, where you won’t need to enter a lot of personal information when you sign up.
They claim that using simple passwords for not-so-important websites frees up mental capacity to remember long and complex passwords where it really matters, like your PayPal account, your iTunes account, your bank account, and so on. Their research also seems to reject the idea of using a password management system, like 1Pass or LastPass, claiming that if the password management service is hacked, the rest of your passwords would be stolen along with it.
It’s actually an interesting proposal and it definitely goes against the grain and convention, but what do you guys think?