Slashdot Mirror


Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

An anonymous reader tipped us to news that Microsoft researchers have determined that reuse of the same password for low security services is safer than generating a unique password for each service. Quoting El Reg: Redmond researchers Dinei Florencio and Cormac Herley, together with Paul C. van Oorschot of Carleton University, Canada ... argue that password reuse on low risk websites is necessary in order for users to be able to remember unique and high entropy codes chosen for important sites. Users should therefore slap the same simple passwords across free websites that don't hold important information and save the tough and unique ones for banking websites and other repositories of high-value information. "The rapid decline of [password complexity as recall difficulty] increases suggests that, far from being unallowable, password re-use is a necessary and sensible tool in managing a portfolio," the trio wrote. "Re-use appears unavoidable if [complexity] must remain above some minimum and effort below some maximum." Not only do they recommend reusing passwords, but reusing bad passwords for low-risk sites to minimize recall difficulty.

5 of 280 comments

  1. Re:Dumb dumb dumb advice... by dskoll · Score: 3, Funny

    Following up on myself: That research paper is awesome! Never before have I seen the use of partial differential equations to justify unequivocal bullshit. Amazing! They must've really worked hard on that.

  2. Re:Dumb dumb dumb advice... by retchdog · Score: 4, Funny

    Never before have I seen the use of partial differential equations to justify unequivocal bullshit.

    Haven't read many research papers, have you? ;-)

    --
    "They were pure niggers." – Noam Chomsky
  3. So complex by Impy the Impiuos Imp · Score: 4, Funny

    So re-use low complexity passwords for unimportant sites and use high-complexity unique passwords for important sites.

    Got it. Low for my bank account, high for World of Warcraft.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  4. I got a foolproof method by 140Mandak262Jamuna · Score: 1, Funny

    I apply ROT-13 encryption on my passwords TWICE, and write down the resulting string on a Post-it note and paste it to the *underside* of the keyboard. Ha, ha, I am really safe. I can use this technique on all the sites, high value... low value... no value... INBD.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  5. NSA approves of this! by MindPrison · Score: 4, Funny

    Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

    This article has been approved by the NSA!

    --
    What this world is coming to - is for you and me to decide.