LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Why is password uniqueness (never reusing the same password across accounts) the single most important password rule?

One breach anywhere becomes a breach everywhere — credential stuffing turns a leaked LinkedIn password into your bank login.

The attack — credential stuffing:

  1. Attackers download a database leak (e.g. Collection #1 — 773 million emails + passwords)
  2. They feed every email:password pair into thousands of other sites automatically
  3. Anywhere the user reused that password → instant account takeover

Why it works so well:

  • Studies show ~65% of users reuse passwords
  • Once a site is breached, that password is on cracking lists forever
  • Even 5-year-old leaks are still valuable — many people never rotate

The defender's worst case:

Even if your site is perfectly secured (hashed, salted, rate-limited), if a user reuses a password that leaked from a breached forum from 2014, attackers will log in through your front door looking exactly like the legitimate user.

Solution: Password manager → unique random password per site. Then a breach is contained to that one account.

Check yourself: https://haveibeenpwned.com/ — see which of your accounts are in known breaches.

Go deeper:

From Quiz: INTROL / Password Cracking | Updated: Jul 05, 2026