Why '123456' is a great password

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/2455088/identity-access/why-123456-is-a-great-password.html

By Antone Gonsalves
CSO Online
July 17, 2014

New research shows that "123456" is a good password after all.

In fact, such useless credentials from a security standpoint have an 
important role in an overall password management strategy, researchers at 
Microsoft and Carleton University, Ottawa, Canada, have found.

Rather than hurt security, proper use of easy-to-remember, weak 
credentials encourages people to use much stronger passwords on the few 
critical sites and online services they visit regularly.

"Many sites ask for passwords, but they require no security at all," Paul 
C. Van Oorschot, a Carleton professor and a co-author of the research, 
said. "They basically want to get the email address to contact you, but 
there's nothing to protect."

Strong passwords would be more likely adopted if people learned to use 
them only on critical accounts, such as employer websites, online banking 
and e-commerce sites that store the user's credit card number. To be 
effective, this group should be small.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/