While cybercriminals are good at what they do, poor password hygiene — having a few simple passwords that open all your online account makes their job even easier.
By using the same password or simple variations (i.e., admin1, admin 2, admin 3) for numerous accounts, you become vulnerable to what’s called “credential stuffing” — a
“This is not rocket science,” said Brett Johnson, a notorious cyber thief (US Most Wanted List 2006) who turned his life around after getting out of prison and is now a digital security consultant. “If you use the exact same password, which most people do, and I can get that password through a phishing attack or data breach. That gives me the login information for your bank account, your credit card account, and all your other accounts with that same password,” Johnson
Reuse the same password on multiple accounts and your exposure grows with each new breach. For example, if your Starwood password was compromised in the mega-breach announced by Marriott International in November, and you’ve used the same password for other accounts, all of them are now vulnerable — even if you change your Starwood password.
Criminals will use automated programs to try these stolen passwords on other accounts used by those breach victims.