Why Microsoft Recommends Reusing Old Passwords
New findings in an extensive research report reveal two surprises that run against everything you’ve heard about your passwords and their safety. The first is: write them down. The second is: reuse them.
The research results are raising a lot of eyebrows for obvious reasons, but there may be something to it.
What About Conventional Wisdom?
Of course, conventional wisdom holds the exact opposite. We’ve been told for as long as we can remember not to write passwords down, and absolutely not to reuse them. Those rules make sense in an office setting, but people are unlikely to break into your home looking for password information, so writing them down and keeping them in a safe place at home doesn’t carry the same kind of risk as it does in the workplace environment.
As to reusing old passwords, the key is to do so selectively. The research recommends breaking your internet accounts into two groups: sensitive and not-so-sensitive. Make highly complex passwords for your sensitive accounts and don’t reuse these.
For your not-so-sensitive accounts, simpler is usually better, and for these, it’s fine to reuse old passwords. Reusing them makes them easier to remember, so you can focus on making really complex passwords for the accounts that matter.
A Simple System
If you can’t quite break out of the old habits, can’t bring yourself to start writing passwords down, and don’t want to reuse them, then here’s a simple mnemonic trick that will help you keep everything straight. For your not terribly sensitive accounts, pick a password. Could be anything. As a prefix to the password, add the first three letters of the site you’re logging on to. As a suffix, use the @ symbol and some number, then increment the number if and when you change the password in the future.
For example, if you’re one of the six remaining humans who still use Hotmail, and your chosen word is bananabread, then your password for Hotmail would be hotbananabread@01. You could then recycle that scheme for every other site and thus create fairly complex passwords that are also not hard to remember.
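The scheme above, together with the sensitive/not-so-sensitive split, written out as an added example (not code from the research or from Microsoft). The function names, the sample sites, the 20-character random password for sensitive accounts, and taking the prefix from the first label of the hostname are assumptions made for illustration.

```python
import re
import secrets
import string

# Shape of a scheme password: 3-letter site prefix + base word + "@" + counter.
SCHEME = re.compile(r"^(?P<prefix>[a-z]{3})(?P<base>.+)@(?P<n>\d+)$")

def site_prefix(site):
    """First three letters of the site name: 'https://www.hotmail.com' -> 'hot'."""
    host = re.sub(r"^[a-z]+://", "", site.lower()).split("/")[0]
    host = host[4:] if host.startswith("www.") else host
    letters = re.sub(r"[^a-z]", "", host.split(".")[0])
    if len(letters) < 3:
        raise ValueError(f"site name too short for a prefix: {site!r}")
    return letters[:3]

def scheme_password(site, base, counter=1):
    """Password for a not-so-sensitive account, per the article's scheme."""
    return f"{site_prefix(site)}{base}@{counter:02d}"

def rotate(password):
    """Increment the numeric suffix when the password is changed."""
    m = SCHEME.match(password)
    if not m:
        raise ValueError("password does not follow the scheme")
    width = len(m["n"])
    return f"{m['prefix']}{m['base']}@{int(m['n']) + 1:0{width}d}"

def random_password(length=20):
    """Unique, complex password for a sensitive account (never reused)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def audit(passwords, sensitive_sites):
    """Return sensitive sites whose password is reused or built on the shared base word."""
    bases = {m["base"] for site, pw in passwords.items()
             if site not in sensitive_sites and (m := SCHEME.match(pw))}
    flagged = []
    for site in sensitive_sites:
        pw = passwords[site]
        reused = list(passwords.values()).count(pw) > 1
        if reused or any(base in pw for base in bases):
            flagged.append(site)
    return sorted(flagged)

# Constructed sample: two low-value accounts on the scheme, two sensitive ones.
SAMPLE = {"hotmail": scheme_password("hotmail", "bananabread"),
          "forum": scheme_password("forum.example", "bananabread"),
          "bank": scheme_password("bank.example", "bananabread"),
          "broker": random_password()}
```

Running `audit(SAMPLE, {"bank", "broker"})` flags only the bank entry, because it was built on the shared base word instead of getting its own complex password.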
You Need To Create A Balance
In any case, the reason for the research and the reason for all the concern is that hacking attacks are becoming increasingly prevalent on the internet. Their increasing frequency has more and more people thinking about security and trying to find ways to create an optimal balance between security and the time invested in it. Yes, it is possible to engineer a virtually hack-proof security system for yourself. Doing so might cost an arm and a leg and eat up an inordinate amount of your day, but you could do it. Having done so, however, you’d likely drive yourself batty trying to maintain it and live within the self-imposed parameters that such a system would shackle you to, so clearly a balance must be struck.
That was the ultimate reason for the research, which represents the latest attempt at finding, then striking, that balance between reasonable security and a reasonable time commitment. It’s not perfect, but it is an excellent place to begin.