The research paper gets into some advanced mathematical calculations to determine the right combination of risk versus security, combined with an analysis of what average users are capable of and realistic expectations for what average users are willing to do. The team stops short of issuing definitive advice — noting that there are a number of variables involved and that more research is necessary to determine if their approach is truly superior.
Decide for yourself. You know whether or not you're following the established password best practices. If you're not — and you're already re-using simple passwords despite advice to the contrary from every security expert, perhaps you should give this approach a try.
Sign up for Computerworld eNewsletters.