Password Reuse Is All Too Common, Research Shows

11.02.2011

With the new data in hand, Bonneau found that 49 percent of the users he was able to match across both sites had used the same password for both logins. A further six percent varied their passwords only by changing capitalization or adding a short suffix (for example, "password" on one site and "password1" on the other).
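The comparison the study describes, matching accounts across two sites and sorting each matched pair into exact reuse, trivial variant (capitalization change or short suffix) or different, as an added example in Python. This is not the study's own code; it assumes plaintext (or already cracked) passwords on both sides, uses a constructed sample set rather than real leaked data, and treats "small suffix" as up to three extra characters, which is an assumption the article does not specify.

```python
"""Classify password reuse between two account dumps.

Added example, not from Bonneau's study. Accounts are matched on a
normalised e-mail address and each matched pair of plaintext passwords
is classified as exact reuse, a trivial variant, or different.
"""
from collections import Counter

# Assumption: "small suffix" means at most this many extra characters.
MAX_SUFFIX = 3

# Constructed sample data (not real leaked credentials).
SITE_A = {
    "alice@example.com": "Sunshine42",
    "Bob@Example.com": "password",
    "carol@example.com": "correct horse",
    "dave@example.com": "hunter2",
    "erin@example.com": "qwerty",          # no counterpart on site B
}
SITE_B = {
    "alice@example.com": "Sunshine42",     # exact reuse
    "bob@example.com": "password1",        # short suffix added
    "carol@example.com": "Correct Horse",  # capitalisation changed only
    "dave@example.com": "Tr0ub4dor&3",     # genuinely different
    "frank@example.com": "letmein",        # no counterpart on site A
}


def normalise(identifier: str) -> str:
    """Match accounts case-insensitively; e-mail local parts are usually
    treated case-insensitively by providers, and dumps differ in casing."""
    return identifier.strip().lower()


def classify(a: str, b: str) -> str:
    """Return 'exact', 'variant' or 'different' for one password pair."""
    if a == b:
        return "exact"
    la, lb = a.lower(), b.lower()
    if la == lb:
        return "variant"          # capitalisation differs, nothing else
    short, long_ = sorted((la, lb), key=len)
    extra = len(long_) - len(short)
    # One password is the other plus a short suffix (compared case-insensitively).
    # The empty string is excluded so that "" vs "abc" is not a variant.
    if short and long_.startswith(short) and 0 < extra <= MAX_SUFFIX:
        return "variant"
    return "different"


def reuse_rates(site_a: dict, site_b: dict) -> dict:
    """Match accounts across both dumps and return the fraction of matched
    accounts in each class, plus the number of matched accounts."""
    a = {normalise(k): v for k, v in site_a.items()}
    b = {normalise(k): v for k, v in site_b.items()}
    matched = sorted(set(a) & set(b))
    counts = Counter(classify(a[u], b[u]) for u in matched)
    n = len(matched)
    share = lambda label: counts[label] / n if n else 0.0
    return {
        "matched": n,
        "exact": share("exact"),
        "variant": share("variant"),
        "different": share("different"),
    }


if __name__ == "__main__":
    for label, value in reuse_rates(SITE_A, SITE_B).items():
        print(f"{label:>9}: {value}")
```

On the constructed sample this reports four matched accounts, with 25 percent exact reuse, 50 percent trivial variants and 25 percent different. The same matching step is what makes the article's data problem concrete: without plaintext on both sides (which is why organizations will not hand over live password data) there is nothing to compare, and salted hashes cannot be matched without cracking them first.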

Previous studies have shown password reuse rates of between 12 and 20 percent, so the implication is that Web users are getting lazier. However, studies of this nature are extremely hard to perform because data sources are limited: no organization will make its live password data available for cracking, and certainly not an organization whose passwords protect important data (such as a bank, where the question of password reuse matters all the more).

Bonneau says that if the close-to-50-percent rate of reuse is true, then rainbow table lookups could become a profitable use of time and resources for cybercriminals, potentially opening up a new avenue of attack.

So, what can we do to avoid getting caught up in such a mess? Firstly, try to use a different username at every Website you visit. If a site relies on your e-mail address as a username, contact the organization concerned and point out that this raises security issues.

Secondly, and perhaps this is obvious, use different passwords across the sites you visit. This means remembering many passwords, but there are tricks to get around this (a password manager, for example), and also tricks to generate good quality passwords.