Home page logo

isn logo Information Security News mailing list archives

Why '123456' is a great password
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 18 Jul 2014 08:54:47 +0000 (UTC)


By Antone Gonsalves
CSO Online
July 17, 2014

New research shows that "123456" is a good password after all.

In fact, such useless credentials from a security standpoint have an important role in an overall password management strategy, researchers at Microsoft and Carleton University, Ottawa, Canada, have found.

Rather than hurt security, proper use of easy-to-remember, weak credentials encourages people to use much stronger passwords on the few critical sites and online services they visit regularly.

"Many sites ask for passwords, but they require no security at all," Paul C. Van Oorschot, a Carleton professor and a co-author of the research, said. "They basically want to get the email address to contact you, but there's nothing to protect."

Strong passwords would be more likely adopted if people learned to use them only on critical accounts, such as employer websites, online banking and e-commerce sites that store the user's credit card number. To be effective, this group should be small.


Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/

  By Date           By Thread  

Current thread:
  • Why '123456' is a great password InfoSec News (Jul 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]