
Maybe the password isn’t so bad after all….

New research from Microsoft is blasphemy for security.

By Cbr Rolling Blog

Passwords are terrible, aren’t they? It’s a cliché you must be used to hearing, not least from CBR, and if you ask anyone in security they will no doubt say it’s so.

Experts have long despaired at the poor habits of users when it comes to our login details. Not only do many of us not even bother to change them from the default, when we do pick passwords they are easy to guess and we reuse them across multiple sites – meaning a hack against one is a hack against all.

But Microsoft is not so sure. In partnership with Carleton University, Canada, the computer giant is dissenting from common wisdom, claiming that password strategies "that rule out password reuse or the use of weak passwords are suboptimal".

"Suboptimal" might not sound damning, but in an industry where defence of the password is quickly becoming blasphemous this might be one of the year’s most striking admissions.

So why has Microsoft said this? The company does not dispute that weak passwords are security risks, nor that reuse can cause a domino effect, as was feared with the Heartbleed scandal. What it does question is whether the effort to create strong passwords for each account could not be better spent.

"Optimal password grouping tends to group together accounts with high value and low probability of compromise and group together accounts of low value and high compromise probability," it said.

How the punter determines which companies are on the verge of being hacked when even they cannot tell was not explained, but basically you should have one password for PayPal and another for Reddit. It’ll do while we wait for retinal scanning, at least.
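The grouping claim quoted above can be checked numerically. The following is an added example, not code from the article or the research: it assumes a simplified model in which accounts sharing a password are all lost if any one of them is compromised, and the account names, values and probabilities are constructed for illustration.

```python
from itertools import product
from math import prod

# Constructed sample accounts: name -> (value if lost, probability of compromise)
ACCOUNTS = {
    "bank":   (1000.0, 0.01),
    "paypal": (500.0, 0.01),
    "reddit": (5.0, 0.30),
    "news":   (2.0, 0.30),
}

def group_loss(names, accounts):
    """Expected loss of one shared-password group under the assumed model:
    P(at least one member compromised) * total value of the group."""
    p_any = 1.0 - prod(1.0 - accounts[n][1] for n in names)
    return p_any * sum(accounts[n][0] for n in names)

def total_loss(grouping, accounts):
    """Expected loss summed over every password group."""
    return sum(group_loss(g, accounts) for g in grouping)

def best_grouping(accounts, max_passwords):
    """Brute-force every assignment of accounts to at most max_passwords
    passwords and return (grouping, expected_loss) with the lowest loss."""
    names = sorted(accounts)
    best = None
    for labels in product(range(max_passwords), repeat=len(names)):
        groups = {}
        for name, label in zip(names, labels):
            groups.setdefault(label, set()).add(name)
        grouping = frozenset(frozenset(g) for g in groups.values())
        loss = total_loss(grouping, accounts)
        if best is None or loss < best[1]:
            best = (grouping, loss)
    return best

if __name__ == "__main__":
    for k in (1, 2, 4):
        grouping, loss = best_grouping(ACCOUNTS, k)
        pretty = sorted(sorted(g) for g in grouping)
        print(f"{k} password(s): {pretty} expected loss {loss:.2f}")
```

With two passwords the search pairs the two high-value, low-risk accounts and the two low-value, high-risk accounts; mixing the categories raises the expected loss by roughly an order of magnitude under these constructed numbers.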
