Sign In

Communications of the ACM

ACM TechNews

The Problem with 'Complex' Passwords


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Frustration is evident in the need to update passwords periodically.

The best passwords are still complex ones, but in a different way.

Credit: Johnny Simon/The Wall Street Journal

University of Strathclyde in Scotland's Karen Renaud said requiring complex passwords to deter hackers has the unintended effect of making the process too difficult for consumers, who then make it easier for hackers to gain access.

Remembering a complex password takes a significant amount of memorization and additional effort to reset the password when it is forgotten, leading consumers to use the same password everywhere or write it down.

Frequent required password changes make things worse by prompting consumers to use easier to remember passwords, like "May2021!," and simply changing the month as necessary.

Renaud said the best complex passwords are made of interconnected parts, rather than strings of nonsense letters, numbers, and characters.

Renaud suggested a passphrase comprised of at least three different words, which are easier to memorize and can be strengthened by using two different languages.

From The Wall Street Journal
View Full Article - May Require Paid Subscription

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found