How to End Password Reuse on the Web

How to End Password Reuse on the Web

Password reuse is a common practice amongst teams that can lead to a cybercriminal getting a hold of your online credentials. Despite knowing that it can leave your accounts compromised, a majority of people are still guilty of reusing their passwords. 

Results from an online security survey by Google and Harrison Poll found that:

  • 52% of people reuse the same passwords across multiple accounts.
  • 13% of people reuse the same password for all their accounts.
  • 35% of people use different passwords.

As cybercriminals use more sophisticated attacks, organizations must emphasize the importance of good cyber hygiene practices to prevent data breaches. Keep reading to learn more about why you shouldn’t be using the same passwords and some strategies to avoid password reuse.

What Is Password Reuse?

Password reuse is when a person uses the same password across multiple online accounts and services, such as using the same password for your email address and bank account. Many people may reuse a password because it’s easier for them to memorize one password instead of several. However, this poor practice can lead to a password reuse attack.

Why You Shouldn’t Use the Same Password

A password reuse attack is a type of data breach where a cybercriminal gains access to multiple accounts due to recycled login credentials. Victims should immediately update their usernames and passwords of accounts that use the same credentials to prevent attackers from gaining access to even more accounts. 

If you do not change your reused or unsecure passwords following a data breach, cybercriminals can use credential stuffing attacks to take advantage of accounts that you neglected to update login information for. Reusing the same password across multiple platforms and web applications can cause a domino effect of multiple accounts being compromised due to a single password.

In an incident reported by Forbes in April 2020, more than half a million Zoom account login details were made available in dark web crime forums. Cyberattackers managed to get a hold of these stolen credentials by going through online databases containing previously compromised passwords dating back from 2013. 

How to Prevent Password Reuse

In addition to making the conscience choice to prevent password recycling, there are other strategies to avoid this harmful practice. Use the tips below to prevent recycling login credentials.

Practice Password Hygiene

Educate your employees on cyber hygiene best practices and set policies in place to prevent security risks. Ensure that training for new employees covers the best practices they need to follow to stay protected. Hold frequent training with current employees as a refresher. Examples of creating policies to enforce password hygiene are requiring employees to change their passwords periodically, as well as requiring a minimum password length to strengthen their password security.

Use a Password Manager

Shockingly, roughly 57% of employees have admitted to saving passwords on a sticky note, according to a Keeper report surveying 1,000 employees in various industries. Rather than relying on a piece of paper, it is much easier and safer to use a password manager.

A password management tool is an effective and convenient way to ensure you have the best password hygiene possible. Rather than putting the responsibility of remembering passwords on your employees, a password manager automatically generates strong passwords, saves credentials in a digital vault and autofills the details into the platform’s login page.  

The password generator creates unique passwords, making it difficult for cyberattacks to guess. The password vault stores login details, removing the responsibility for your employees to memorize multiple usernames and passwords. And the autofill feature prevents your team from having to manually type in their credentials, protecting them from keystroke logging software. Password managers often have multi-factor authentication (MFA) available, a feature that can prevent 99.9% of cyberattacks, according to Microsoft.

Additionally, password managers often have the added benefit of auditing your password security. Keeper’s business password manager has an admin console that displays to admins which employees have weak or duplicate passwords stored in their vaults. Teams can also opt in for additional protection such as dark web monitoring to receive alerts if credentials are ever found on the dark web. 

Check out the demo video below to learn more about Keeper password manager for businesses.

Why Choose Keeper as Your Company’s Password Management Solution

Join millions of people and thousands of businesses that use Keeper’s business password manager. Our zero-trust and zero-knowledge security solution protects your team against cyberthreats. We enable your organization to achieve complete visibility, security and control across every team member on all devices. 

Try our password manager today with our 14-day free business trial and see how we can protect your company’s credentials from cyberattacks.


Frequently Asked Questions

How should you store passwords?

Right now, a staggering 82% of survey respondents admitted to storing login credentials in a notebook or journal, according to the 2021 Workplace Password Malpractice Report by Keeper. Passwords should not be stored anywhere that can be accessed by an unauthorized person. Instead, passwords and credentials should be stored safely in an encrypted digital vault provided by a reliable password manager.

When is it okay to reuse a password?

It is never okay to reuse a password. 

Are longer passwords more secure?

Yes. Adding more characters can make a password more secure. Other ways to create a secure password include:

  • Adding special characters
  • Including numbers
  • Using a combination of uppercase and lowercase characters
  • Using a random string of characters instead of words

    Also, avoid creating passwords containing personal information such as important dates and names. 

  • Craig Lurey

    Craig Lurey is the CTO and Co-Founder of Keeper Security. Craig leads Keeper’s software development and technology infrastructure team. Craig and Darren have been active business partners in a series of successful ventures for over 20 years. Prior to building Keeper, Craig served at Motorola as a software engineer creating firmware for cellular base station infrastructure and founded Apollo Solutions, an online software platform for the computer reseller industry which was acquired by CNET Networks. Craig holds a bachelor’s degree in Electrical Engineering from Iowa State University.