Picking a solid password and remembering it can be a challenge for anyone—even alleged Russian spies, as it turns out. According to Technology Review, Microsoft Researchers have thought up a new, rather interesting scheme to balance usability and security.
One of the Microsoft studies quoted by Technology Review suggests services only tend to raise password complexity requirements when they have no competition, since users can't take their business elsewhere. Government sites are cited as one example. Surprisingly, the study found no correlation between "the value of a consumer's account, the amount of attacks that the website suffered, and the complexity of the passwords that the website operators forced on their users."
With that in mind, Microsoft researchers propose a simple middle ground: allow users to pick simple passwords, but limit how many users can have the same password. That system would impede hackers who prey on popular services with large numbers of subscribers. While those services typically lock down accounts after a few erroneous login attempts, hackers still manage to break through by trying a handful of very common passwords across many accounts at once.
Don't look for revised password rules on Windows Live Mail anytime soon, though; Technology Review says Microsoft has "no plans to implement the new scheme in any Microsoft products yet." (The researchers are only looking for feedback at this point.)
I'm not a big fan of overly elaborate password requirements myself, but I'm surprised more folks don't think of using passphrases. Take a simple sentence: "I don't like long passwords." It's 24 characters long, contains upper- and lower-case letters and two non-alphanumeric characters, and isn't hard to type or remember. Microsoft's own password checker gives it top marks, too. Surely, encouraging the use of passphrases beats letting folks use "password" and "1234."
|1. BIF - $340||2. chasp_0 - $251||3. mbutrovich - $250|
|4. Ryu Connor - $250||5. YetAnotherGeek2 - $200||6. aeassa - $175|
|7. dashbarron - $150||8. Lucky Jack Aubrey - $100||9. Captain Ned - $100|
|10. Anonymous Gerbil - $100|
|OCZ RD400 NVMe SSD heats up the enthusiast storage game||28|
|Samsung's 750 EVO SSD family grows with a 500GB model||8|
|Report: Windows Phone market share drops below 1%||71|
|Cryorig teases a distinctive pair of Mini-ITX cases||32|
|Radeon Software Crimson Edition 16.5.3 gears up for Overwatch||13|
|Rumor: a GP102 GeForce Titan and GTX 1080 Ti are in the works||117|
|We need your input as we plan the "second-10th" TR BBQ||30|
|Revive patch developers fire back by disabling Oculus DRM||32|
|Nvidia 368.22 drivers are tuned for Overwatch||18|