I’ve mentioned Troy Hunt’s writings here before. Hunt writes regularly on security and always has something interesting to say. Last year I wrote about Hunt’s analysis of passwords from the Sony compromise and—sorry but it’s true—the stupid choices people make about passwords. Others have already commented that those people have learned nothing because the same weak, well-known passwords keep showing up, this time on Yahoo!.
It turns out, though, that it’s much worse than we thought. Hunt was interested in password reuse, so he compared the passwords used by people who had accounts on both Sony and Yahoo!. Unbelievably, he found that a year after the Sony exploit, 59% of users who also had an account on Yahoo! were still using the exact same password there. This despite the fact that those passwords have been public knowledge for over a year.