Security Encyclopedia

Password Reuse

Password reuse is a person’s tendency to use the same password across different online services. 

People reuse passwords in response to their poor usability. From the user’s standpoint, passwords need to be memorized or managed; from the service provider’s standpoint, they must be managed for on/offboarding, made more complex in response to security policies, and reset as a result of helpdesk requests. As people recycle the same password(s) across different services, and data breaches involving passwords occur, the supply of valid credentials for credential stuffing attacks increases. This makes credential stuffing attacks viable for malicious hackers and script kiddies.

Breach upon breach, in concert with password reuse, ensures that enterprises with no connection to a data breach become collateral damage of past breaches, as the exposed passwords are weaponized against these uninvolved companies. In recent years the high volume of password reuse attacks has led enterprises to explore new methods for password elimination.

Example:

“Password reuse is one of the major drivers of data breaches, as this tendency to recycle passwords across different services feeds the supply of valid credentials that malicious hackers use in data breaches on all enterprises.”