Topic: Microsoft tells users to stop using strong passwords everywhere (Read 5712 times)

Any decent service will block you (at least temporarily) after trying to enter a few wrong combinations, so it doesn't depend on how powerful your machine is.

My online banking account just let me put 4 numbers Pin  but if i want to withdraw some money from my account for that there is 2FA.

Yes  that's correct... The 2FA system is very  good system.

What is more annoying is some crappy sites like Dominos pizza have annoying password rules.. so simple passwords won't work.

Not "everywhere". This is nothing new. No need to use very strong passwords on sites w/ no connection to financial/personal information, really. Not the end of the world if you lose access.

Many sites have restrictions which either restrict the time allowed between login attempts and/or lock you out after a set number of failed attempts.

Microsoft sucks dick.  that's all i have to say.

What does not seem correctly to me is to keep the password in the same computer or written down in a paper, in the computer anyone can stole it and in paper you can lose it.
So if you put a strong password but you do some of the above is the same or worst that if you put a weak one.

- Sites limiting the size of passwords is just stupid.
- Most password crackers begin with hacking a copy of the database password hashes rather than bruteforcing the password field of a website
- Any site of any worth will use password salting which makes it much harder for an attacker to brute force your password from a hash stored in the database
- You need at least an 80 bit password.
- The keyspace is what password crackers work on, that and a number of common password patterns people use.

If you use lower and upper case, numbers and special characters then the keyspace is about 96 characters ( a-z, A-Z, 0-9, !-? ). Chances of attaining 80 bits or higher with an 8 or higher character password are good if you use the full character set.

Problem is they are difficult to memorise.

Try http://www.safepasswd.com and set it to Easy To Remember, and set the password length to 10 for your dumb password, and to 18 for your hard one.
Easy: bRitain8@2
Hard: H#iNTerceptor23rAid1

Use your easy password for everything except stuff that matters, use the hard password and if no length restrictions, the easy password for everything else

i.e. H#iNTerceptor23rAid1+bRitain8@2
------- Hard -------------- Easy ---

If an attacker nabs your easy password from other site they won't be able to use it to help them one bit with breaking the longer password, because in of itself, its not crackable by any password cracker on this earth at this point in time.

If the site that you are using the password for properly restricts login attempts by both IP address and by username then it should be very difficult to gain access to even a weak password if the attacker doesn't have a hash of the password.

Or a deterministic password?

I have "strong" password for only a couple of things like bitcoin wallet and email, but only writen on my mind, if you type it everywhere so it stops being "strong", for the rest i have weak.

"Write down your password... Your wallet is a lot more safe than your computer"

-- Whitfield Diffie (co-inventor of public key cryptography)

My password is always changing  because my online bank account want me to change it every 3 months and use a password that was not used in the last 12 changes ... that's like 36 months ... so I invent a new password every 3 months and after 1 week of inventing it I'm at the bank requesting for a reset and The second password I make i remember .... this is happening to me for more than 3 years now

Thanks for the 'advice' Microsoft 

Think I'll stick with http://keepass.info/ for managing my passwords

This is why I like the idea of using biometrics for everything. People get lazy when it comes to choosing a password but will put up a fight about somebody trying to steal an eyeball.

Don't worry, Ellen DeGeneres has the perfect solution!

What did I just read 
Well strong passwords offer better protection against Bruteforcing,Cracking etc
My password is about 10 Digits/Letters long and it is pretty unique.

I agree, this is full of risks that just are not worth taking.

What if your house were to catch fire, then all of a sudden you would not even be able to log into your bank account (along with all your other accounts).