Looks like one of the password practices IT folks often recommend has been mostly ignored.
People commonly use the same usernames and passwords across multiple accounts. That means is one account is hacked, then all the others are at risk.
That’s an especially big problem if someone’s using the same password in both personal and work-related settings.
A recent study by a security researcher at Cambridge University shows how common password reuse is.
Joseph Bonneau compared the information stolen in recent data breaches from two popular websites, rootkit.com and gawker.com.
Based on their e-mail addresses, Bonneau found 456 users whose log-in information was stolen in both breaches — and of those, 43% used the same password for both sites. If you include passwords that had only slight variations, the number climbs to 49%.
Password reuse is probably less common when users are dealing with sensitive corporate accounts, but it would still be worth warning users about the importance of password variation.