Microsoft researchers recommend that users pick weak passwords and reuse them — but only on low-impact sites.
Microsoft Urges Users to Use Weak Passwords : Read more
Microsoft Urges Users to Use Weak Passwords : Read more
- Status
Considering Microsoft artificially limits you to 16 characters on Hotmail/Outlook (and who knows what other of their services) this doesn't surprise me. There reasoning behind that was even shadier if you do a Google search on the topic. For a company of their size I'd expect them to be all over security issues like this.
amk-aka-Phantom
Distinguished
- Mar 10, 2011
- 653
- 0
- 18,940
Fun fact: IIRC, LibreOffice has a "bug" where it disregards password protection on MS Office files and reads them anyway.
wiinippongamer
Distinguished
- Sep 9, 2009
- 35
- 0
- 18,590
Sites that force a certain criteria are stupid. One upper case, one letter, and 8 to 16 characters; well there's the hackers criteria when writing a program to figure them out. Stop putting stupid criteria for passwords! The user should be able to pick whatever they wish. I would say the best password would be a phrase that is easy to remember; like "thereisnowayanyoneisgoingtocrackthispassword" would be something for example. The constant rules not only makes it annoying for the user, it is also a major security flaw.
virtualban
Distinguished
- Feb 16, 2007
- 625
- 0
- 18,930
That bug does not work on me. I keep a plain text file. But while the account name may look familiar, the password instead has a reference that only I know. Similar to the password hint, just way too personalized and overcomplicated over the years.
Use this instead: https
/addons.mozilla.org/fr/firefox/addon/password-hasher/
Chrome equivalent: https/chrome.google.com/webstore/detail/password-hasher-plus-pass/glopbmohkffbnplcjbbbfmmimfhfnhgd
Compatible Android app: https/play.google.com/store/apps/details?id=com.ginkel.hashit
/addons.mozilla.org/fr/firefox/addon/password-hasher/Chrome equivalent: https
/chrome.google.com/webstore/detail/password-hasher-plus-pass/glopbmohkffbnplcjbbbfmmimfhfnhgdCompatible Android app: https
/play.google.com/store/apps/details?id=com.ginkel.hashit
bourgeoisdude
Distinguished
- Dec 15, 2005
- 142
- 0
- 18,630
Weak pass"words" are relative. The correct horse battery staple example is best for passphrase strength. I would consider it simple, but it is also hard to guess (well not THAT one specifically anymore).
BEGIN rant
{
Sites that require alpha-numeric symbol punctuation space hyphen crypto stupidity passwords make it LESS likely people will create secure "passwords". So what, instead of password now they use P@ssword1! like that's much better or something. Of course the worst abomination of all is requiring security questions and only having preset ones. Yea industry let's make a counter-intuitive method that successfully weakens security for users while simultaneously making mothers and grandparents everywhere somehow feel safer about their weak password while making tech savvy users pull their hair out. It not already, it should be on the list of the 10 dumbest things in the universe.
} //rant
We also need to start using the term passphrase instead of password so that people will catch on that no pass"word" is secure.
BEGIN rant
{
Sites that require alpha-numeric symbol punctuation space hyphen crypto stupidity passwords make it LESS likely people will create secure "passwords". So what, instead of password now they use P@ssword1! like that's much better or something. Of course the worst abomination of all is requiring security questions and only having preset ones. Yea industry let's make a counter-intuitive method that successfully weakens security for users while simultaneously making mothers and grandparents everywhere somehow feel safer about their weak password while making tech savvy users pull their hair out. It not already, it should be on the list of the 10 dumbest things in the universe.
} //rant
We also need to start using the term passphrase instead of password so that people will catch on that no pass"word" is secure.
booyaah
Distinguished
- Mar 17, 2006
- 18
- 0
- 18,560
I have a password protected TrueCrypt partition stored on my server with an Excel file that has all my banking passwords and such which are 24 character random alpha numeric strings.
I have an RD Gateway that I can login to from any Windows machine or the RD App on my S5 if I really need to access banking info on the go or in a pinch.
Basic password security is three things:
1) Make sure your password complex enough so that it isn't easily brute forceable or guessable.
2) Do not use the same password on multiple high value sites.
3) Don't do anything to get key logged (don't go to 'those' sites or click on 'that' email link).
And yes, I do use the same password across multiple community sites like toms, etc.
I have an RD Gateway that I can login to from any Windows machine or the RD App on my S5 if I really need to access banking info on the go or in a pinch.
Basic password security is three things:
1) Make sure your password complex enough so that it isn't easily brute forceable or guessable.
2) Do not use the same password on multiple high value sites.
3) Don't do anything to get key logged (don't go to 'those' sites or click on 'that' email link).
And yes, I do use the same password across multiple community sites like toms, etc.
RCguitarist
Honorable
- Apr 2, 2013
- 37
- 0
- 10,590
I'll tell you the most hack-proof way to keep your complex passwords safe and easily accessable....lean in because I don't want the nsa to hear this......write them down on a piece of paper.
iogbrideau
Estimable
- May 28, 2014
- 10
- 0
- 4,560
Ironic that my antivirus pops up with warnings about malicious ads on an article that talks about security.
Anyway that's pretty much what I already do with my passwords.
Anyway that's pretty much what I already do with my passwords.
thethirdrace
Honorable
- May 18, 2012
- 11
- 0
- 10,560
Password strategy 101 to remember unlimited number of different password:
1- Separate each site/service into 1 of 3 categories:
a- Official things you can't afford to be hacked
b- Things you'd be pissed to be hacked
c- Things you don't care to be hacked
2- Select a pattern with good security principles. You need numbers (N), upper (U) and lower (L) case letters and at least 1 symbol (S). A good pattern would be LNUUNLLS
3- Select numbers for each category defined at #1. For example, #1 could be 257, #2 could be 368 and #3 could be 479.
How it all comes together?
Say you visit NewEgg.com and we consider this a "B" type of site (pissed, but not catastrophic). You take the first 5 letters of the site and apply the pattern in #2 to get n3EW6eg!
Say you visit EA.COM (category -> not important), you get e4AC7om!
That way, you don't have to remember any password, you only have to remember your pattern. With this method, you can literally log into an unlimited number of sites/services without ever forgetting your password ever again. The best thing is, even if the site or service is compromised, you don't have the same password anywhere else. There's no way an hacker will take the time to find your password pattern so you can practically say you're 100% secure too.
1- Separate each site/service into 1 of 3 categories:
a- Official things you can't afford to be hacked
b- Things you'd be pissed to be hacked
c- Things you don't care to be hacked
2- Select a pattern with good security principles. You need numbers (N), upper (U) and lower (L) case letters and at least 1 symbol (S). A good pattern would be LNUUNLLS
3- Select numbers for each category defined at #1. For example, #1 could be 257, #2 could be 368 and #3 could be 479.
How it all comes together?
Say you visit NewEgg.com and we consider this a "B" type of site (pissed, but not catastrophic). You take the first 5 letters of the site and apply the pattern in #2 to get n3EW6eg!
Say you visit EA.COM (category -> not important), you get e4AC7om!
That way, you don't have to remember any password, you only have to remember your pattern. With this method, you can literally log into an unlimited number of sites/services without ever forgetting your password ever again. The best thing is, even if the site or service is compromised, you don't have the same password anywhere else. There's no way an hacker will take the time to find your password pattern so you can practically say you're 100% secure too.
groundhogdaze
Distinguished
- Oct 25, 2009
- 6
- 0
- 18,510
I Agree. The preset security questions are really, really irritating to me and more than half the time, I either don't want to write the answer (if a hacker compromises the site, they can potentially be able to access your personal answers and use it against you on another site) or I don't even know the answer myself because I'm conflicted on the answers like "What's your favorite hobby"? I don't have a "favorite" anything so I'm forced to put dummy answers in.
- Status
Similar threads
TRENDING THREADS
-
Question Are Snapdragon laptops able to run Stata?
- Started by shikwada1
- Replies: 0
-
Question Why are windows laptop cameras so bad compared to other's?
- Started by bakriwa5
- Replies: 2
-
-
Discussion What new phone technology trends should we keep an eye on?- Started by Vandna Jadhav
- Replies: 2
-
Question Best laptops for a student going to high school
- Started by joninte2
- Replies: 2
-
Question What if the EU forced laptop makers to allow upgradeable ram and storage?
- Started by kionbo2
- Replies: 2
-
Facebook
Twitter