People urged to stop using common password trick that comes with dangerous risk

People are being urged by experts to stop using a common password trick that comes with a dangerous risk.

Passwords are the first line of defence protecting your bank details, personal photos, medical records, work emails, and shopping accounts from criminals.

Yet despite knowing this, many people are making one catastrophic mistake that undoes all that protection.

A 2025 report from password manager 1Password revealed some disturbing truths about our security habits. Beyond the fact that over 80% of Americans have fallen victim to phishing in the past year, there's an even more alarming finding.

76% of people continue using the same password even after falling for a shopping scam.

Over 80% of Americans have fallen victim to phishing in the past year (boonchai wedmakawand/Getty)

That's three out of four people deciding their compromised password is still fine to use after their account's been breached.

When your account gets compromised, whether through a phishing email, malware, dodgy link, or data breach, everything associated with it becomes vulnerable.

That includes your password, email address, payment methods, personal details like your date of birth and home address, and anything else stored there.

What's so dangerous about this is that once hackers have your password from one breach, they'll immediately try it across every other service they can link to you. This is why security experts have been urging users to never reuse passwords across different accounts.

Every place you've reused that password becomes an open door. And in 2025, when free password managers exist and work brilliantly, there's genuinely no excuse.

Breaches happen constantly. You can have the strongest, most complex password imaginable, but if the company holding your data gets hacked, your credentials go with it.

Passwords are the first line of defence protecting all your accounts (SEAN GLADWELL/Getty)

Experts suggest to start by identifying the source of the breach because different types of compromises require different responses. If malware is involved, it's best to clean your device before changing anything.

Otherwise, the malware will simply capture whatever new passwords or security measures you put in place through keylogging or screen monitoring and you could be handing fresh credentials straight to the attackers.

Experts suggest removing the malware first, then run multiple scans to confirm it's gone. Alternatively, you could update your account details from a different device you know is secure.

Once that's done, use a password manager to store your passwords in a secure place.

These tools generate strong, unique passwords for every account and store them securely behind one master password. You only need to remember that single passphrase, and everything else is handled for you. If one site gets breached, the damage stays contained.

It doesn't take long to set up and will keep your accounts secure in the long-run.