Passwords

Why All of Your Passwords Should Be Unique

  • Reading Time: 2 mins
  • Source: The SecDev Foundation
  • Last Update: 17 September 2021
  • Type: Explainer
Illustration of a woman with many different shaped and coloured keys in front her.

All of your accounts should have unique passwords that you have never used before. Even if you have the strongest password in the world, you are putting yourself at huge risk if you use it across multiple accounts.

What happens when you reuse your passwords

Let’s say you use the same password for your personal email, Facebook, and Instagram. If your email provider experiences a security breach (which happens much more often that we realize) and your user credentials are stolen, attackers will try using the stolen password and its slightly changed versions to log on to other sites as well. As a result, all of your accounts using the same password will be compromised.

Reusing passwords is also a bad idea because, just like millions of other users across the world, you probably have a handful of accounts which you created at some point in the past and which have since been out there forgotten or used rarely. It is very likely that at least some of these accounts have been compromised. If an attacker has your email address which is linked to some of these accounts, it is easy to find all compromised accounts using this email address. It is also easy to get leaked passwords to all such accounts. So, if you reuse the same password or slightly changed versions of a single password across multiple accounts, an attacker can compromise all of these accounts by finding a single forgotten account of yours. This is called password stuffing.

  • If you want to check if your email address(es) is linked to any accounts that have been leaked or compromised, you can use this service. Simply type the email address in the search field and click “pwned?”.
  • If the email address has appeared in any account breaches, you will get a list of all the online services where your account credentials have been compromised in any way. Log in to each of these accounts and change your passwords as soon as possible. Also consider protecting your important accounts with two-factor authentication. Remember, your passwords should be strong and unique. If you no longer use any of these accounts, consider deleting them.

At this point, you might feel that having unique passwords for each and every account – and making sure that these passwords are genuinely strong – is a bit too much. How will you remember all these passwords? Well, you only need to remember a single strong password. A password manager will do the rest for you.

Learn more about

Digital Risks Icon Digital Risks Passwords Icon Passwords Devices Icon Devices Data Icon Data Conversations Icon Conversations Digital Identity Icon Digital Identity

This site is licensed as Creative Commons BY-NC-SA 4.0. Please read our attribution policy to learn about freely redistributing out work.