Editing Password (section)

=== Password reuse ===

It is common practice amongst computer users to reuse the same password on multiple sites. This presents a substantial security risk, because an [[Hacker (computer security)|attacker]] needs to only compromise a single site in order to gain access to other sites the victim uses. This problem is exacerbated by also reusing [[User (computing)|usernames]], and by websites requiring email logins, as it makes it easier for an attacker to track a single user across multiple sites. Password reuse can be avoided or minimized by using [[Mnemonic|mnemonic techniques]], [[#Writing down passwords on paper|writing passwords down on paper]], or using a [[password manager]].<ref name="Keir-PCWorld-2011">{{cite web | url=http://www.pcworld.com/article/219303/password_use_very_common_research_shows.html | title=Password Reuse Is All Too Common, Research Shows | work=[[PC World]] | date=10 February 2011 | access-date=10 August 2014 | author=Thomas, Keir | url-status=live | archive-url=https://web.archive.org/web/20140812204649/http://www.pcworld.com/article/219303/password_use_very_common_research_shows.html | archive-date=12 August 2014 }}</ref>

It has been argued by Redmond researchers [[Dinei Florencio]] and Cormac Herley, together with Paul C. van Oorschot of Carleton University, Canada, that password reuse is inevitable, and that users should reuse passwords for low-security websites (which contain little personal data and no financial information, for example) and instead focus their efforts on remembering long, complex passwords for a few important accounts, such as bank accounts.<ref name="Darren-Microsoft-Register">{{cite web | url=https://www.theregister.co.uk/2014/07/16/redmond_says_password_reuse_is_more_than_okay_its_necessary/ | title=Microsoft: You NEED bad passwords and should re-use them a lot | work=[[The Register]] | date=16 July 2014 | access-date=10 August 2014 | author=Pauli, Darren | url-status=live | archive-url=https://web.archive.org/web/20140812210549/http://www.theregister.co.uk/2014/07/16/redmond_says_password_reuse_is_more_than_okay_its_necessary/ | archive-date=12 August 2014 }}</ref> Similar arguments were made by [[Forbes]] in not change passwords as often as some "experts" advise, due to the same limitations in human memory.<ref name="Joseph-Steinberg-Forbes">{{cite news | url=https://www.forbes.com/sites/josephsteinberg/2014/11/12/why-you-should-ignore-everything-you-have-been-told-about-choosing-passwords/ | title=Forbes: Why You Should Ignore Everything You Have Been Told About Choosing Passwords | work=[[Forbes]] | date=12 November 2014 | access-date=12 November 2014 | author=Joseph Steinberg | url-status=live | archive-url=https://web.archive.org/web/20141112170839/http://www.forbes.com/sites/josephsteinberg/2014/11/12/why-you-should-ignore-everything-you-have-been-told-about-choosing-passwords/ | archive-date=12 November 2014 }}</ref>