Microsoft and Carleton University researchers suggest in a new report that Internet users do not need to use complex passwords for all of their online accounts, contradicting established best practices for password security. Their study found that a password management strategy "ruling out weak passwords or password re-use is sub-optimal."
The researchers note it is increasingly difficult for users to employ the best practice of using different, long, and complex passwords for every online account, going so far as to call it a "human impossibility." The researchers say common coping mechanisms such as writing passwords down, single sign-on services, email-based password resets, and password managers are all acceptable solutions. They also argue a better solution is for Internet users to separate their online accounts into high-value and low-value accounts, the former including email and banking accounts and the latter including less sensitive accounts such as those for chat forums.
The researchers say high-value accounts should continue to be protected with complex passwords, but accounts in the second tier should use simple and commonly re-used passwords. "We note that while password re-use must be part of an optimum portfolio strategy, it is no panacea," the report says.
From International Business Times
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA