Microsoft ran a password-reuse analysis on over three billion company accounts in 2019 to find out how many of the used passwords were in use by Microsoft customers.
The company collected password hash information from public sources and received additional data from law enforcement agencies, and used the data as a base for the comparison.
An analysis of password use in 2016 revealed that about 20% of Internet users were reusing passwords, and that an additional 27% were using passwords that were "nearly identical" to other account passwords. In 2018, it was revealed that a large part of Internet users were still favoring weak passwords over secure ones.


I used the same nick/email/Password123 for easy access on 90% not so important sites for years and none of my accounts was ever stolen. The same goes for company passwords, which those scareware articles are based on. It would be great to make an analysis based on important accounts. MS's policy is the worst, it remembers all past passwords, like when I changed the password, it refused to let me use the same.
In today's cyber world changing your password on a regular basis is a must!!!
That is no longer recommended. Then again, some services get hacked and they hide it from users, so it is a good practice for skilled users.
I go on to explain that there is a lot of evidence to suggest that users who are required to change their passwords frequently select weaker passwords to begin with, and then change them in predictable ways that attackers can guess easily. Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases. (And even if a password has been compromised, changing the password may be ineffective, especially if other steps aren’t taken to correct security problems.)
Not to mention that changing the password is the most used method of phishing, either by sending a phishing link or by monitoring the change.