Information Security News
mailing list archives
Why '123456' is a great password
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 18 Jul 2014 08:54:47 +0000 (UTC)
By Antone Gonsalves
July 17, 2014
New research shows that "123456" is a good password after all.
In fact, such useless credentials from a security standpoint have an
important role in an overall password management strategy, researchers at
Microsoft and Carleton University, Ottawa, Canada, have found.
Rather than hurt security, proper use of easy-to-remember, weak
credentials encourages people to use much stronger passwords on the few
critical sites and online services they visit regularly.
"Many sites ask for passwords, but they require no security at all," Paul
C. Van Oorschot, a Carleton professor and a co-author of the research,
said. "They basically want to get the email address to contact you, but
there's nothing to protect."
Strong passwords would be more likely adopted if people learned to use
them only on critical accounts, such as employer websites, online banking
and e-commerce sites that store the user's credit card number. To be
effective, this group should be small.
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
- Why '123456' is a great password InfoSec News (Jul 18)