Microsoft Urges Users to Use Weak Passwords
Tags:
- Security
Anonymous
July 16, 2014 1:50:26 PM
Microsoft researchers recommend that users pick weak passwords and reuse them — but only on low-impact sites.
Microsoft Urges Users to Use Weak Passwords : Read more
skit75
July 16, 2014 2:08:38 PM
senkasaw
July 16, 2014 2:10:13 PM
robochump
July 16, 2014 2:42:38 PM
sicom
July 16, 2014 3:16:33 PM
bison88
July 16, 2014 3:34:04 PM
Considering Microsoft artificially limits you to 16 characters on Hotmail/Outlook (and who knows what other of their services) this doesn't surprise me. Their reasoning behind that was even shadier if you do a Google search on the topic. For a company of their size I'd expect them to be all over security issues like this.
Score
-5
amk-aka-Phantom
July 16, 2014 4:57:32 PM
Quote:
Only password I really need to remember is the one I set on my Excel spreadsheet with all my other passwords....heh. Sure there are Apps that do this but too lazy to transfer it all to any of them.
Fun fact: IIRC, LibreOffice has a "bug" where it disregards password protection on MS Office files and reads them anyway.
Score
5
wiinippongamer
July 16, 2014 6:00:07 PM
icemunk
July 17, 2014 1:38:42 AM
Sites that force a certain criteria are stupid. One upper case, one letter, and 8 to 16 characters; well there's the hacker's criteria when writing a program to figure them out. Stop putting stupid criteria for passwords! The user should be able to pick whatever they wish. I would say the best password would be a phrase that is easy to remember; like "thereisnowayanyoneisgoingtocrackthispassword" would be something for example. The constant rules not only make it annoying for the user, it is also a major security flaw.
Score
6
virtualban
July 17, 2014 4:16:24 AM
Quote:
Quote:
Only password I really need to remember is the one I set on my Excel spreadsheet with all my other passwords....heh. Sure there are Apps that do this but too lazy to transfer it all to any of them.
Fun fact: IIRC, LibreOffice has a "bug" where it disregards password protection on MS Office files and reads them anyway.
That bug does not work on me. I keep a plain text file. But while the account name may look familiar, the password instead has a reference that only I know. Similar to the password hint, just way too personalized and overcomplicated over the years.
Score
1
sylentz
July 17, 2014 4:55:10 AM
batteryhorsestaplecorrect -> http://xkcd.com/936/
Score
1
Floflo81
July 17, 2014 5:55:42 AM
Use this instead: https://addons.mozilla.org/fr/firefox/addon/password-ha...
Chrome equivalent: https://chrome.google.com/webstore/detail/password-hash...
Compatible Android app: https://play.google.com/store/apps/details?id=com.ginke...
Score
0
Durandul
July 17, 2014 7:06:12 AM
bourgeoisdude
July 17, 2014 7:24:59 AM
Weak pass"words" are relative. The correct horse battery staple example is best for passphrase strength. I would consider it simple, but it is also hard to guess (well not THAT one specifically anymore).
BEGIN rant
{
Sites that require alpha-numeric symbol punctuation space hyphen crypto stupidity passwords make it LESS likely people will create secure "passwords". So what, instead of password now they use P@ssword1! like that's much better or something. Of course the worst abomination of all is requiring security questions and only having preset ones. Yea industry let's make a counter-intuitive method that successfully weakens security for users while simultaneously making mothers and grandparents everywhere somehow feel safer about their weak password while making tech savvy users pull their hair out. If not already, it should be on the list of the 10 dumbest things in the universe.
} //rant
We also need to start using the term passphrase instead of password so that people will catch on that no pass"word" is secure.
Score
0
booyaah
July 17, 2014 7:43:55 AM
I have a password protected TrueCrypt partition stored on my server with an Excel file that has all my banking passwords and such which are 24 character random alpha numeric strings.
I have an RD Gateway that I can login to from any Windows machine or the RD App on my S5 if I really need to access banking info on the go or in a pinch.
Basic password security is three things:
1) Make sure your password is complex enough so that it isn't easily brute forceable or guessable.
2) Do not use the same password on multiple high value sites.
3) Don't do anything to get key logged (don't go to 'those' sites or click on 'that' email link).
And yes, I do use the same password across multiple community sites like toms, etc.
Score
0
RCguitarist
July 17, 2014 7:56:25 AM
iogbrideau
July 17, 2014 9:45:25 AM
thethirdrace
July 17, 2014 10:48:00 AM
Password strategy 101 to remember unlimited number of different passwords:
1- Separate each site/service into 1 of 3 categories:
a- Official things you can't afford to be hacked
b- Things you'd be pissed to be hacked
c- Things you don't care to be hacked
2- Select a pattern with good security principles. You need numbers (N), upper (U) and lower (L) case letters and at least 1 symbol (S). A good pattern would be LNUUNLLS
3- Select numbers for each category defined at #1. For example, #1 could be 257, #2 could be 368 and #3 could be 479.
How it all comes together?
Say you visit NewEgg.com and we consider this a "B" type of site (pissed, but not catastrophic). You take the first 5 letters of the site and apply the pattern in #2 to get n3EW6eg!
Say you visit EA.COM (category -> not important), you get e4AC7om!
That way, you don't have to remember any password, you only have to remember your pattern. With this method, you can literally log into an unlimited number of sites/services without ever forgetting your password ever again. The best thing is, even if the site or service is compromised, you don't have the same password anywhere else. There's no way a hacker will take the time to find your password pattern so you can practically say you're 100% secure too.
Score
1
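The pattern scheme from the post above, written out as an added example (editor's sketch, not the poster's code). The pattern and category numbers are the post's; the `!` symbol, the helper names and the third sample site are assumptions, the symbol being inferred from the post's two results.

```python
import re

# Values taken from the post above.
PATTERN = "LNUUNLLS"
CATEGORY_DIGITS = {"a": "257", "b": "368", "c": "479"}
# Assumption: the post never names the symbol; both of its examples end in "!".
SYMBOL = "!"

def derive(site: str, category: str) -> str:
    """Build the per-site password by filling PATTERN slot by slot."""
    letters = iter(re.sub(r"[^A-Za-z]", "", site))   # "EA.COM" -> E A C O M
    digits = iter(CATEGORY_DIGITS[category])
    out = []
    for slot in PATTERN:
        if slot in "LU":
            ch = next(letters, None)
            if ch is None:
                raise ValueError(f"{site!r} has too few letters for {PATTERN}")
            out.append(ch.lower() if slot == "L" else ch.upper())
        elif slot == "N":
            out.append(next(digits))
        else:  # "S"
            out.append(SYMBOL)
    return "".join(out)

def memorised_part(site: str, category: str) -> str:
    """Characters that come from the category number rather than the site name."""
    return "".join(c for c, slot in zip(derive(site, category), PATTERN) if slot == "N")

if __name__ == "__main__":
    # Constructed sample input: the post's two sites plus one more in category b.
    for site, cat in [("NewEgg.com", "b"), ("EA.COM", "c"), ("tomshardware.com", "b")]:
        print(site, cat, derive(site, cat), memorised_part(site, cat))
```

Two sites in the same category share the same memorised digits; every other character follows from the site name and the fixed symbol.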
groundhogdaze
July 21, 2014 10:41:28 AM
Quote:
BEGIN rant
{
Sites that require alpha-numeric symbol punctuation space hyphen crypto stupidity passwords make it LESS likely people will create secure "passwords". So what, instead of password now they use P@ssword1! like that's much better or something. Of course the worst abomination of all is requiring security questions and only having preset ones. Yea industry let's make a counter-intuitive method that successfully weakens security for users while simultaneously making mothers and grandparents everywhere somehow feel safer about their weak password while making tech savvy users pull their hair out. If not already, it should be on the list of the 10 dumbest things in the universe.
} //rant
I agree. The preset security questions are really, really irritating to me and more than half the time, I either don't want to write the answer (if a hacker compromises the site, they can potentially be able to access your personal answers and use it against you on another site) or I don't even know the answer myself because I'm conflicted on the answers like "What's your favorite hobby"? I don't have a "favorite" anything so I'm forced to put dummy answers in.
Score
0