Microsoft Urges Users to Use Weak Passwords

Status
Not open for further replies.

skit75

Distinguished
Oct 7, 2008
Most sites seem to require 8+ alphanumeric case sensitive characters with a symbol already so the choice is not really up to the end user anymore.
 

robochump

Distinguished
Sep 16, 2010
Only password I really need to remember is the one I set on my Excel spreadsheet with all my other passwords....heh. Sure there are Apps that do this but too lazy to transfer it all to any of them.
 

bison88

Distinguished
May 24, 2009
Considering Microsoft artificially limits you to 16 characters on Hotmail/Outlook (and who knows what other of their services) this doesn't surprise me. Their reasoning behind that was even shadier if you do a Google search on the topic. For a company of their size I'd expect them to be all over security issues like this.
 

amk-aka-Phantom

Distinguished
Mar 10, 2011
Only password I really need to remember is the one I set on my Excel spreadsheet with all my other passwords....heh. Sure there are Apps that do this but too lazy to transfer it all to any of them.

Fun fact: IIRC, LibreOffice has a "bug" where it disregards password protection on MS Office files and reads them anyway.
 

icemunk

Distinguished
Aug 1, 2009
Sites that force certain criteria are stupid. One upper case, one letter, and 8 to 16 characters; well, there's the hacker's criteria when writing a program to figure them out. Stop putting stupid criteria on passwords! The user should be able to pick whatever they wish. I would say the best password would be a phrase that is easy to remember; "thereisnowayanyoneisgoingtocrackthispassword" would be an example. The constant rules not only make it annoying for the user, they are also a major security flaw.
 

virtualban

Distinguished
Feb 16, 2007
Only password I really need to remember is the one I set on my Excel spreadsheet with all my other passwords....heh. Sure there are Apps that do this but too lazy to transfer it all to any of them.

Fun fact: IIRC, LibreOffice has a "bug" where it disregards password protection on MS Office files and reads them anyway.

That bug does not work on me. I keep a plain text file. But while the account name may look familiar, the password instead has a reference that only I know. Similar to the password hint, just way too personalized and overcomplicated over the years.
 

Durandul

Honorable
Apr 23, 2013
Yep, as the article and others have mentioned, password manager. If you want to store them in a Word file, but also make it secure, you can use 7-Zip to compress files with a password, so it cannot be easily uncompressed without said password.
 

bourgeoisdude

Distinguished
Dec 15, 2005
Weak pass"words" are relative. The correct horse battery staple example is best for passphrase strength. I would consider it simple, but it is also hard to guess (well not THAT one specifically anymore).

BEGIN rant
{
Sites that require alpha-numeric symbol punctuation space hyphen crypto stupidity passwords make it LESS likely people will create secure "passwords". So what, instead of password now they use P@ssword1! like that's much better or something. Of course the worst abomination of all is requiring security questions and only having preset ones. Yea industry let's make a counter-intuitive method that successfully weakens security for users while simultaneously making mothers and grandparents everywhere somehow feel safer about their weak password while making tech savvy users pull their hair out. If not already, it should be on the list of the 10 dumbest things in the universe.
} //rant

We also need to start using the term passphrase instead of password so that people will catch on that no pass"word" is secure.
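The contrast drawn in the post above, as an added example that is not part of the original thread: a password that passes a typical composition policy can still be a decorated dictionary word, which a normalising blocklist check catches. The blocklist, the substitution table and all function names are constructed for illustration.

```python
import re

# Constructed, tiny blocklist; a real deployment would load a large
# list of breached and common passwords instead.
COMMON = {"password", "letmein", "qwerty", "welcome", "dragon"}
# Common character substitutions mapped back to letters (illustrative subset).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})

def meets_composition_rules(pw):
    """Rule set of the kind discussed in the thread:
    8-16 characters with upper case, lower case, a digit and a symbol."""
    return (8 <= len(pw) <= 16
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

def base_word(pw):
    """Undo the usual decorations: trailing digits/symbols, case, substitutions."""
    core = re.sub(r"[\d\W_]+$", "", pw)  # strip the trailing run of digits/symbols
    return core.lower().translate(LEET)

def is_decorated_common_word(pw):
    """True when the password reduces to an entry on the blocklist."""
    return base_word(pw) in COMMON

def assess(pw):
    """Summarise how one candidate fares under both checks."""
    return {"composition_ok": meets_composition_rules(pw),
            "blocklisted": is_decorated_common_word(pw),
            "length": len(pw)}

if __name__ == "__main__":
    # Both candidates are the ones quoted in the post.
    for candidate in ["P@ssword1!", "correct horse battery staple"]:
        print(repr(candidate), assess(candidate))
```

The constructed blocklist holds single words only; as the post notes, a well-known passphrase would itself belong on a real list.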
 

booyaah

Distinguished
Mar 17, 2006
I have a password protected TrueCrypt partition stored on my server with an Excel file that has all my banking passwords and such which are 24 character random alpha numeric strings.

I have an RD Gateway that I can login to from any Windows machine or the RD App on my S5 if I really need to access banking info on the go or in a pinch.

Basic password security is three things:
1) Make sure your password is complex enough so that it isn't easily brute forceable or guessable.
2) Do not use the same password on multiple high value sites.
3) Don't do anything to get key logged (don't go to 'those' sites or click on 'that' email link).

And yes, I do use the same password across multiple community sites like toms, etc.
 

RCguitarist

Honorable
Apr 2, 2013
I'll tell you the most hack-proof way to keep your complex passwords safe and easily accessible....lean in because I don't want the NSA to hear this......write them down on a piece of paper.
 

iogbrideau

Estimable
May 28, 2014
Ironic that my antivirus pops up with warnings about malicious ads on an article that talks about security.

Anyway that's pretty much what I already do with my passwords.
 

thethirdrace

Honorable
May 18, 2012
Password strategy 101 to remember an unlimited number of different passwords:

1- Separate each site/service into 1 of 3 categories:
a- Official things you can't afford to be hacked
b- Things you'd be pissed to be hacked
c- Things you don't care to be hacked

2- Select a pattern with good security principles. You need numbers (N), upper (U) and lower (L) case letters and at least 1 symbol (S). A good pattern would be LNUUNLLS

3- Select numbers for each category defined at #1. For example, #1 could be 257, #2 could be 368 and #3 could be 479.

How it all comes together?

Say you visit NewEgg.com and we consider this a "B" type of site (pissed, but not catastrophic). You take the first 5 letters of the site and apply the pattern in #2 to get n3EW6eg!

Say you visit EA.COM (category -> not important), you get e4AC7om!

That way, you don't have to remember any password, you only have to remember your pattern. With this method, you can literally log into an unlimited number of sites/services without ever forgetting your password ever again. The best thing is, even if the site or service is compromised, you don't have the same password anywhere else. There's no way a hacker will take the time to find your password pattern so you can practically say you're 100% secure too.
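The scheme from the post above written out as code (an added example, not part of the original thread), reproducing both of the post's results and reporting which characters of each result do not come from the site name. It assumes the post's numbers 257/368/479 belong to categories a/b/c in that order and that the symbol is always "!"; the function names are hypothetical.

```python
import re

PATTERN = "LNUUNLLS"  # from the post: L=lower, U=upper, N=number, S=symbol
# Assumption: the post's "#1/#2/#3" numbers map to categories a/b/c in order.
CATEGORY_DIGITS = {"a": "257", "b": "368", "c": "479"}
SYMBOL = "!"  # the symbol both of the post's results end with

def derive(site, category, pattern=PATTERN):
    """Build the password for a site by filling the pattern slot by slot."""
    letters = re.sub(r"[^A-Za-z]", "", site)  # "NewEgg.com" -> "NewEggcom"
    digits = CATEGORY_DIGITS[category]
    need_letters = sum(slot in "LU" for slot in pattern)
    if len(letters) < need_letters or len(digits) < pattern.count("N"):
        raise ValueError("site name or category number too short for the pattern")
    letter_iter, digit_iter = iter(letters), iter(digits)
    out = []
    for slot in pattern:
        if slot == "L":
            out.append(next(letter_iter).lower())
        elif slot == "U":
            out.append(next(letter_iter).upper())
        elif slot == "N":
            out.append(next(digit_iter))
        else:
            out.append(SYMBOL)
    return "".join(out)

def site_independent_part(password, pattern=PATTERN):
    """Characters in the number and symbol slots, i.e. not taken from the site name."""
    return "".join(ch for ch, slot in zip(password, pattern) if slot in "NS")

def distinct_secret_parts(sites, category):
    """Set of site-independent parts across several sites in one category."""
    return {site_independent_part(derive(s, category)) for s in sites}

if __name__ == "__main__":
    for site, cat in [("NewEgg.com", "b"), ("EA.COM", "c")]:
        pw = derive(site, cat)
        print(site, cat, pw, site_independent_part(pw))
    # Constructed site names: every site in one category shares the same part.
    print(distinct_secret_parts(["NewEgg.com", "example.org", "example.net"], "b"))
```

Within a category the site-independent characters are identical for every site, and two sites whose names share their first five letters (the constructed `example.org` and `example.net`) receive the same password.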
 

groundhogdaze

Distinguished
Oct 25, 2009
BEGIN rant
{
Sites that require alpha-numeric symbol punctuation space hyphen crypto stupidity passwords make it LESS likely people will create secure "passwords". So what, instead of password now they use P@ssword1! like that's much better or something. Of course the worst abomination of all is requiring security questions and only having preset ones. Yea industry let's make a counter-intuitive method that successfully weakens security for users while simultaneously making mothers and grandparents everywhere somehow feel safer about their weak password while making tech savvy users pull their hair out. If not already, it should be on the list of the 10 dumbest things in the universe.
} //rant

I agree. The preset security questions are really, really irritating to me and more than half the time, I either don't want to write the answer (if a hacker compromises the site, they can potentially access your personal answers and use them against you on another site) or I don't even know the answer myself because I'm conflicted on the answers, like "What's your favorite hobby?" I don't have a "favorite" anything so I'm forced to put dummy answers in.
 