IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Better password policies could result in less credential reuse, academics find

New research points to complex passwords being less used across multiple services

Requiring longer and more complicated passwords could prevent people from using them in multiple websites and online services, according to new research.

According to a research paper from scientists at Indiana University, overcoming password reuse on such services could be easier than imagined. The researchers looked at the password policies of 22 universities in the US as well as 1.3 billion email addresses and passwords obtained from Exploit.in and Anti-Public combination lists.

From the 1.3 billion credentials found in the Exploit.in and AntiPublic datasets there were nearly 7.4 million email addresses associated with .edu domains.

Based on email addresses belonging to academic institutions, passwords were compiled and tested against a university's prescribed password policy. They discovered that longer, more complicated passwords or passphrases are ultimately less likely to be reused on other sites.

"Similar to length, there is a distinct trend towards higher complexity having a lower likelihood of being reused," said the researchers. One of the best performing universities in the research was Indiana University with a password a minimum requirement of 15 characters. This discouraged nearly all its users (99.98%) from reusing the same password on other sites.

"Additionally, we found that the majority of password policies were difficult to very difficult to read and understand according to the Flesch reading scale and typically have a literacy requirement of high school level."

The researchers recommended that organisations should Increase the minimum password length beyond 8 characters; increase maximum password length; disallow the user's name or username inside passwords; and contemplate multi-factor authentication.

"Our recommendations are not only applicable for universities, but also can be used by other organisations, services or applications," researchers said.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Machine learning vs AI vs NLP
Business strategy

Machine learning vs AI vs NLP

8 Jul 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
World’s biggest four-day working week trial kicks off in UK
flexible working

World’s biggest four-day working week trial kicks off in UK

6 Jun 2022
Pushing cloud AI closer to the edge
machine learning

Pushing cloud AI closer to the edge

1 Jun 2022

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022