Go for strong passwords

Is it exhausting for you to come up with a new password every time you make a new account somewhere? Well, it turns out that the all-too-common practice of using the same email address/password combination to log into multiple websites can be damaging.

According to a recent study, the practice can cause more harm to the employers with many users and valuable assets protected by passwords, like in universities.

“If someone uses their university email address and passphrase to sign up for, say, LinkedIn, and LinkedIn is breached by cybercriminals, that would mean their university password is sitting on the web for everyone to see,” said Indiana University's Dan Calarco, co-author of the study.

“We found that requiring longer and more complicated passwords resulted in a lower likelihood of password reuse,” the authors write in the paper, Factors Influencing Password Reuse: A Case Study. The authors are Jacob Abbott, an IU Bloomington Ph.D. student; Daniel Calarco, chief of staff for the IU Office of the Vice President for IT and CIO; and L. Jean Camp, a professor in the IU Bloomington School of Informatics, Computing and Engineering. The study found that stringent password rules significantly lower a university’s risk of personal data breaches.

The authors offer the following recommendations to safeguard passwords: Increase the minimum password length beyond 8 characters. Increase the maximum password length.

Disallow the user’s name or username inside passwords. Contemplate multi-factor authentication.

Multi-factor authentication is becoming more common and usable. IU, for example, employs Two-Step Login. With the potential benefits of reducing the risk of password reuse, multi-factor authentication may be a viable alternative to changing the length and/or complexity of password policies.  — ANI