There are four forms of password reuse and they all are bad

The first and easiest to prevent is the use of the same password on the same account. For example, if my username is michael.schenck, my password is Football123, and the system prompts me to change my password but lets me use Football123 again – then I’m reusing an old password. This is a problem because old password databases may have been stolen and cracked, in which case the Football123 password could be compromised. In this scenario, the credentials (which a hacker now has access to) will still work today. Remember, the internet never forgets.

The most common form of password reuse is the use of the same password and email/account name for multiple sites and services (e.g., using Football123 as the password for your email, Netflix, bank, and personal Microsoft account). If one account is hacked, you must assume all are hacked. This can be especially messy since the average business employee must keep track of 191 passwords and changing all 191 would take several days.

A related form of password reuse blends the last two together – reusing the same password across accounts with different usernames. Most workplace IT configurations won’t let users reuse passwords. However, when an employee changes companies, their former employer’s password history controls no longer apply. This allows older passwords to be used at a new job. This, too, is a bad practice. As the databases of passwords on the dark web and open-source intelligence sources continue to grow, it becomes easier for a hacker to link a password to a person – regardless of the account username or the company they work for.

The last form of password reuse is the use of a common password. Every year numerous publications list the top 10, 20, 100 passwords used in the previous year. For example, in 2020 more than 2.5 million people used the password “123456.” Lists of popular passwords are used by hackers to script – or brute-force – logins to gain access. If you use any of these common passwords, it won’t be long until you get hacked.

More on: Password reuse defeats the purpose of passwords