Passwords don’t have to be Long and Complex

Written by Amit Agarwal on Jul 20, 2010

A reason why organizations require you to create long and complex passwords is to prevent hackers from guessing your passwords.

Hackers, on the other hand, no longer do dictionary attacks, as that will lock the account that they are trying to hack. Instead, they have a database of common passwords that they try across millions of accounts, and they may hit the jackpot in some cases.

Microsoft researchers have therefore come up with a different idea to deal with this problem. Instead of requiring people to create complex passwords, they look at how many people are currently using a password and, if it becomes too common, they ban people from using it.

The service simply counts how many times any user on the service chooses a given password. When more than a small number of users pick a password, the password is banned and no one else is allowed to choose it.

Since no passwords are allowed to become too common, attackers are deprived of the popular passwords they require to compromise a significant fraction of accounts using online guessing.
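The counting scheme described above, as an added Python example (not code from this post or from the Microsoft researchers). The threshold of 3, all class and function names, and the choice of a keyed count-min sketch to hold the counts without storing the passwords themselves are assumptions of this example.

```python
import hashlib
import hmac
import os


class PopularityLimiter:
    """Ban a password once `threshold` users have already chosen it."""

    def __init__(self, threshold=3, width=2048, depth=4, key=None):
        self.threshold = threshold        # assumed value for "a small number"
        self.width, self.depth = width, depth
        self.key = key or os.urandom(32)  # keyed hash: a leaked sketch alone cannot be probed
        self.rows = [[0] * width for _ in range(depth)]

    def _cells(self, password):
        # One keyed hash per row; each picks a single counter in that row.
        for row in range(self.depth):
            mac = hmac.new(self.key, bytes([row]) + password.encode("utf-8"),
                           hashlib.sha256).digest()
            yield row, int.from_bytes(mac[:8], "big") % self.width

    def estimate(self, password):
        # Collisions can only inflate a counter, so the minimum never under-counts.
        return min(self.rows[r][c] for r, c in self._cells(password))

    def try_choose(self, password):
        """Record the choice and return True, or return False if it is banned."""
        if self.estimate(password) >= self.threshold:
            return False
        for r, c in self._cells(password):
            self.rows[r][c] += 1
        return True


def demo():
    # Constructed sample: six sign-ups, five of them picking the same password.
    limiter = PopularityLimiter(threshold=3, key=b"constructed-demo-key")
    choices = ["123456", "123456", "tr0ub4dor", "123456", "123456", "123456"]
    return [limiter.try_choose(p) for p in choices]


if __name__ == "__main__":
    print(demo())
```

Because the sketch can over-count but never under-count, a rare password may occasionally be refused early, but a password that has reached the limit is never accepted again.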
