12 October 2018 - password reuse

How do you prevent people from reusing the same password across different websites, losing what little security they had? According to research from Indiana University, it’s easy: Make up complicated password rules that mere users can’t understand, and then they won’t be able to reuse passwords. It’s especially good if your rules are unique and different. In other words, current policy is close to optimal, except that organizations are too friendly.