By now you’re probably sick of hearing the password mantras “use long, complex passwords” and “don’t reuse specific passwords for multiple accounts”. Sick or not, that advice is still valid, and anyone who signs in to online services should be following it.
But you can make your online life a bit easier if you give some thought to the risk associated with each account you’re trying to protect. A password used to access an obscure web forum doesn’t need to be as complex (and difficult to remember) as the password for your online bank account.
Researchers from Microsoft and Carleton University have done the math and concluded that this risk-based approach is sound.
We still strongly recommend the use of an offline password manager such as Password Corral or Password Safe. But at least now you can consider using easier-to-remember passwords for some accounts.