When to never re-use a password

When should you never re-use passwords?

Its unrealistic to expect users to not re-use passwords, as they cant remember them all. There are sites where no real personal or business critical/confidential information is stored, so the same password could be used  for those. However there are sites where you should always use different passwords, complex ones at that.

Never re-use passwords across important accounts. These are the ‘high value’ accounts that protect things that you really care about and would cause the most harm to you if the passwords to access these accounts were stolen. As well as using a separate password for each of them, you should also set up Two Factor Authentication (also called Two Step Verification) in the security settings for each.

Email is an especially important account, as it can be used to manage all of your other passwords (and to request password resets). It also contains a lot of personal information that a criminal can exploit. Your other important accounts might include:

• online banking and online payment services
• password managers
• work accounts
• cloud storage
• platform accounts (like Apple, Microsoft or Google)
• federated ID (where you log into one account using the credentials from another, usually Facebook or Google)
• any account that you would be devastated to lose (for example your favourite social media accounts)

Contains public sector information licensed under the Open Government Licence v3.0.

For more information on re-using, not re-using and password managers click here:-