Microsoft tells users to stop using strong passwords everywhere

Microsoft tells users to stop using strong passwords everywhere

http://www.theguardian.com/technology/2014/jul/16/microsoft-stop-using-strong-passwords-everywhere

<< Weak passwords have their place, argues new research from Microsoft, and they help users conserve brainpower for where it is needed. >>

Users should use and reuse weak passwords for websites which don't hold valuable information, say researchers from Microsoft, overturning decades of accumulated wisdom on internet security.

By not having to worry about remembering complex unique passwords for every individual website, users can focus their efforts on recalling secure passwords for high-value sites like banking or e-commerce.

I don't see the "everywhere" from your title.

Another article for hits made by theguardian

I have had this stance for long. Let's take places like random forums and semi-useful services that don't carry any financial risks or allow access to other places, is strong passwords really needed in those?

Most users believe their best password is strong while it is not. If they are allowed to use their weak passwords, it will be too weak. Shocked

What about having one strong password for some kind of keychain (with proper backups) that would remember all of the very strong passwords for each site?

They should tell users to spend 1 month or 2 in some memorization course, then no more need to worry about wasting brain hash power with passwords.

Well how much "brain power" is really used in strong passwords? Personally, I have an algorithm that I use to memorize all my passwords. But if the algo is leaked somehow some of my passwords could be comprised. So that's risky, but then again, I don't waste any "brain power" lol.

flash drive! no brain memory required. Only password I memorize is email in case I need it on the go. But ya, I'm not going to waste my time with a strong password for a site with no important info. I like how my school requires "strong" passwords, I'm so afraid that someone will get into my account and do my homework for me

Quote from: robbyd86 on July 17, 2014, 03:26:23 AM

Or lastpass. I haven't tried it personally but I've heard some VERY good things about it.

I already do this. I have a few differnt ones on sites I'm unsure of and more complex variations for more important needs. When I go to an unimportant site I have an idea right away what the password would be based on it's importance to me and then I usually guess right after a couple tries. Best to write the unimportant ones down and put them someplace safe.

or use a password manager and memorize only one strong password.

Write on a piece of paper and put it on your wallet. No need to memorize those strong passwords.

Quote from: niothor on July 16, 2014, 08:02:10 PM

My online banker doesnt allow a password over 7 characters long. Thats not secure now is it.. I thought this was such a joke I brought it up to the customer service, and they really had nothing to say.. Seriously...?

Quote from: shkiser on July 17, 2014, 04:39:54 AM

Having an online password of 7 characters is fairly secure. You can't brute force a web password if they programmed it correctly.

Is this Microsoft's way of saying that their involvement in PRISM et al has proven difficult, that their backdoors aren't working for them and that we should make passwords easier for them to crack? What a tit.
Always use a complex password with uppercase, lowercase, numbers and special characters where allowed.

Quote from: Vod on July 17, 2014, 07:14:34 AM

Quote from: shkiser on July 17, 2014, 04:39:54 AM

Having an online password of 7 characters is fairly secure. You can't brute force a web password if they programmed it correctly.

7 characters would be something like 12,000 hours on a really crummy pc. So better machines would reduce that a lot. So 7 certainly is crackable.

Quote from: umairbacklink on July 17, 2014, 04:34:08 AM

Write on a piece of paper and put it on your wallet. No need to memorize those strong passwords.

I did that once with a email account and forgot to pull that paper out of my trousers before putting them in the washing machine, remembered the secret question thankfully.

Quote from: shkiser on July 17, 2014, 04:39:54 AM

Quote from: niothor on July 16, 2014, 08:02:10 PM

My online banking account requires a second code sent to my personal phone (2FA).
Also all the banks here rely either on a sms code or a token for extra security.

And I live in Romania......

Quote from: bitbaby on July 17, 2014, 11:55:20 AM

Quote from: umairbacklink on July 17, 2014, 04:34:08 AM

Write on a piece of paper and put it on your wallet. No need to memorize those strong passwords.

I did that once with a email account and forgot to pull that paper out of my trousers before putting them in the washing machine, remembered the secret question thankfully.

My usual password is 13-17 characters long, with a mix of upper/lower case, and numbers.. Its easy to remember bc I use it often. 7 letter password doesnt seem safe to me for online banking. I thought it was odd they only allowed 7 characters aswell..

The importance a lot of people attach to such a topic never ceases to amaze me.
If someone wants your data and you do have something significant online - they will get it.
If you really do think its too important to be shared why the hell is it online (or on a PC to be more precise) in the first place? Huh

Of course things are never quite that black and white, but I can't help feeling a lot of the time that a lot of people make a decent wedge out of talking crap about passwords and data security.