Updated on November 6, 2023.
You should stop reusing the same password for multiple accounts because if a cybercriminal gets a hold of that password, they can gain access to every account that uses it. Since the average person has 20 or more online accounts, according to a Keeper Security report, they have a hard time remembering all of their passwords and fear locking themselves out of their accounts. As a result, people tend to reuse the same password to make it easier to log in to their accounts. However, this can put them at risk of losing access to their accounts and having their personal information exposed.
Continue reading to learn more about the risks of reusing the same passwords and how you can avoid reusing them.
What Is Password Reuse?
Password reuse is when a person uses the same password or a slight variation of it across multiple online accounts and services. Many people may reuse a password because it’s easier for them to memorize one instead of several passwords. However, this poor practice can lead to several different types of cyber attacks, including credential stuffing attacks.
Risks of Reusing the Same Password
The biggest risks of reusing the same password are credential stuffing and account takeover attacks, which often lead to unauthorized access and loss of your accounts and personal information.
Credential stuffing
Credential stuffing is when a cybercriminal uses a set of exposed credentials to attempt to gain access to multiple accounts. Cybercriminals often use credentials that have been stolen from data breaches to execute credential stuffing. According to Keeper’s Password Practice Report, credential stuffing is often effective because:
- 56% of people reuse the same passwords across multiple accounts.
- On average, people reuse the same password across four different apps and websites.
- 55% of people have been victims of cyber attacks.
- 15% of people know their passwords are on the dark web but haven’t changed them.
If you do not change a reused password following a security breach, cybercriminals can use credential stuffing attacks to take advantage of accounts that you probably forgot existed. You should avoid reusing the same password, or any variation of it, on multiple accounts because cybercriminals have tools that can automatically try variations of a known password to guess your other passwords. Reusing the same password across multiple platforms and web applications can lead to multiple accounts being compromised due to a single exposed password.
Account takeover
An account takeover is a type of identity theft in which a cybercriminal takes control of another user’s account without their permission. Credential stuffing often leads to account takeover attacks since cybercriminals can use the same password to gain access to multiple accounts. Once an account is taken over, the cybercriminal can lock a user out of their account and steal their personal information. Cybercriminals can sell this stolen information on the dark web or use it to impersonate the victim and commit fraud.
How to Prevent Password Reuse
In addition to making the conscious choice to prevent password recycling, there are other strategies to avoid this harmful practice. Use the tips below to prevent recycling login credentials.
Create strong and unique passwords
The best way to avoid password reuse is to create strong and unique passwords. Strong passwords are at least 16 characters long and are a random combination of uppercase and lowercase letters, numbers and special characters. They omit any personal information, sequential numbers or letters (12345) and commonly used dictionary words such as “password.” Strong passwords are difficult for cybercriminals to crack, which makes it harder for them to gain access to your accounts. You should use a different password for each of your accounts to avoid multiple account takeover attacks.
Use a password generator
A password generator is a tool that creates unique passwords that never repeat by randomly combining uppercase and lowercase letters, numbers and special characters. You should use a password generator to help you generate strong passwords that will protect your accounts from cybercriminals. A password generator makes creating strong passwords easier and ensures that your passwords never repeat.
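The criteria above (at least 16 characters, all four character classes, no sequential runs) can be expressed as a small generator. This is an added example, not code from the original article or from any password manager; the symbol set, the function names and the three-character run threshold are assumptions.

```python
import math
import secrets
import string

# The four character classes the article names; the exact symbol set is an assumption.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!@#$%^&*()-_=+[]{}")
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 16  # minimum length recommended in the article


def has_sequence(password: str, run: int = 3) -> bool:
    """True if `run` or more letters/digits ascend consecutively (abc, 12345)."""
    streak = 1
    for prev, cur in zip(password, password[1:]):
        consecutive = prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == 1
        streak = streak + 1 if consecutive else 1
        if streak >= run:
            return True
    return False


def generate_password(length: int = MIN_LENGTH) -> str:
    """Return a random password that contains every class and no sequence."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        # secrets uses the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the whole password on failure so accepted ones stay uniform.
        has_all = all(any(c in cls for c in candidate) for cls in CLASSES)
        if has_all and not has_sequence(candidate):
            return candidate


def entropy_bits(length: int = MIN_LENGTH) -> float:
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password(), f"(~{entropy_bits():.0f} bits)")
```

With the 80-character alphabet assumed here, a 16-character password has an upper bound of roughly 101 bits of entropy.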
Store your passwords in a password manager
A password manager is a tool that securely stores and manages your personal information in an encrypted vault. Since a password manager stores all of your login credentials, you won’t have to reuse the same password or remember all of your different passwords. Some password managers can identify any passwords that have been reused across your accounts and prompt you to change them to strong and unique passwords. Using a password manager makes logging into your accounts easier since it autofills your login credentials whenever you open the website or app you are trying to log in to.
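A reuse check of the kind described above can be sketched as a local audit over decrypted vault entries, flagging both exact reuse and the "slight variation" case from the definition of password reuse. This is an added example, not the original article's code or any vendor's implementation; the sample vault, the function names and the normalization heuristic are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample vault (site -> password); these are not real credentials.
SAMPLE_VAULT = {
    "mail.example": "Sunflower2021!",
    "shop.example": "Sunflower2021!",
    "bank.example": "sunfl0wer2023",
    "forum.example": "t7#Vq9!mLz2@Xw4p",
}

# Common character substitutions mapped back to letters (heuristic, an assumption).
LEET = str.maketrans("01345@$", "oleasas")


def base_form(password: str) -> str:
    """Reduce a password to the stem that slight variations share."""
    # Drop case, then leading/trailing digits and symbols (years, "!", "123").
    stem = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    # Undo substitutions inside the stem (sunfl0wer -> sunflower).
    stem = stem.translate(LEET)
    # A password made only of digits/symbols has no stem: compare it as-is.
    return stem or password


def audit_reuse(vault: dict) -> dict:
    """Group sites that share an identical password or the same base form."""
    exact, similar = defaultdict(list), defaultdict(list)
    for site, password in vault.items():
        exact[password].append(site)
        similar[base_form(password)].append(site)
    return {
        "exact": sorted(sorted(s) for s in exact.values() if len(s) > 1),
        "variation": sorted(sorted(s) for s in similar.values() if len(s) > 1),
    }


if __name__ == "__main__":
    for kind, groups in audit_reuse(SAMPLE_VAULT).items():
        for sites in groups:
            print(f"{kind} reuse: {', '.join(sites)}")
```

Every site in a flagged group should get its own newly generated password, since a breach of any one of them exposes the others.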
Some password managers offer add-on features like dark web monitoring. Dark web monitoring tools scan the dark web and identify if any of your login credentials were found. The tool alerts you if any of your accounts have been compromised so you can quickly change your passwords.
Enable MFA
Multi-Factor Authentication (MFA) is a security measure that requires you to provide an additional form of identification such as a one-time code to gain access to an account. MFA provides an extra layer of security to your online accounts since you need to prove your identity to gain access to your account. Even if your login credentials were compromised in a security breach, a cybercriminal wouldn’t have access to your account since they wouldn’t be able to verify their identity.
Practice good password hygiene
Educate yourself about good password hygiene to prevent security risks. Ensure you are staying up to date with cybersecurity news to continue following cybersecurity best practices. Examples of good password hygiene include changing your passwords after a security breach, regularly updating your software, recognizing cyber threats and using antivirus software.
Use a Password Manager To Avoid Password Reuse
The best way to avoid password reuse is to use a password manager. A password manager helps you create strong and unique passwords and will safely store them in a password vault. You won’t have to worry about remembering all of your different passwords since you can access them all in your password manager. Sign up for a free trial of Keeper Password Manager to protect your online accounts and prevent password reuse.