Maybe You Don’t Have to Use Strong Passwords for Every Account After All

The Citizen's Guide to the Future
July 16 2014 3:17 PM

Maybe it’s not so bad that your password is 12345678.

Photo from Shutterstock/Cefo Design.

If you need strong passwords for every one of your accounts, from your local public library to your grocery store rewards card, then you just have to use a password manager. There's no other way to keep your letters, numbers, and symbols straight. But maybe the premise that you need strong passwords for everything is wrong. A new Microsoft study wants to give everyone a break.

Microsoft researchers Dinei Florêncio and Cormac Herley, along with Paul C van Oorschot from Carleton University in Canada, note that password managers generate great random login information, but can cause problems if users forget their master password.* As the Guardian reports, password managers also store passwords locally or in the cloud, and both approaches can be susceptible to hacks. The researchers wrote, “It introduces severe new risks: if the master password is guessed or used on any malware-infected client, or the cloud store is compromised, then all credentials are lost.”


Instead, the group argues that people should use weak, memorable passwords or the same password for low-importance accounts. That way they can focus on memorizing a few strong, diverse passwords for their most sensitive accounts, like email and banking. This seems especially appealing since password managers are difficult to use properly in the first place. (For instance, they make it harder to use a friend’s computer to log into your Gmail account.)

If you're currently using a password manager successfully, this study might not be grounds to give it up, but if you've done absolutely nothing about password security when you know you should, this might be a good strategy to start with. Just make sure those important passwords really are super secure.

Correction, July 16, 2014: This post originally misspelled Carleton University.

Future Tense is a partnership of Slate, New America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.
