Use Weak Passwords, Says Microsoft Researchers

No, you read that correctly. New research from Microsoft has made the case for weaker passwords.

Contrary to popular belief, researchers at Microsoft have said that users should use and reuse easy and weak passwords on sites and services that do not hold sensitive information so that we can focus our password skills on where it really matters like online banking.


Photo: Mihai Simonia / Shutterstock

Researchers, Dinei Florêncio, Cormac Herley at Microsoft and Paul C van Oorschot from Carleton University said that users are also at risk of using password managers and storing passwords in the cloud. They are effectively trading “one set of risks for another”.

“We review why mandating exclusively strong passwords with no re-use gives users an impossible task as portfolio size grows,” said the researchers in their abstract of their study, which examined the skills needed to managed a growing number of online accounts.

“Our findings directly challenge accepted wisdom and conventional advice. We find, for example, that a portfolio strategy ruling out weak pass-words or password re-use is sub-optimal. We give an optimal solution for how to group accounts for re-use, and model-based principles for portfolio management.”

The researchers say that we are loading our brains with too many passwords, which are next to “impossible” to always remember.

“Clearly, users find managing a large password portfolio burdensome,” they said in their study. “Both password re-use, and choosing weak passwords, remain popular coping strategies.”

Their solution is to assess the importance and sensitivity of every account we use and determine if such an account really needs a super strong password if the content is just a collection of cat GIFs rather than your bank balance.

You can read the full study here. What do you think of their findings? Are they a good idea? Let us know in the comments below.