Stop me if you’ve heard this one before: You should use unique, complex passwords for every login you have to manage, and you should employ a password management utility to keep track of it all. That is the prevailing advice, but a couple of Microsoft researchers have come to the conclusion that it might be the wrong approach.
Two Microsoft researchers, Dinei Florencio and Cormac Herley, in partnership with Paul C. van Oorschot from Carleton University in Ottawa, Canada, have published a paper titled “Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts.” The team set out to determine why it is that so many users ignore the established best practices for passwords and whether or not those best practices really make the most sense.