SECURITY EDUCATION
Password Reuse
A password-reuse lesson framed as scenario, attack chain, observable evidence, operator response, and WitnessOps controls.
One password across many services turns one breach into many.
Scenario
You use the same password for a shopping site, your work email, and other important accounts.
The shopping site gets breached. Your email address and password turn up in a leaked credential dump that attackers buy, trade, or search with automated tooling.
Attack Chain
Third-party site is breached
↓
Email + password leak
↓
Attacker runs credential stuffing
↓
One reused account works
↓
Mailbox, cloud, or work access is exposed
This is automated: credential-stuffing tools replay leaked email and password pairs against many services at scale. The attacker does not need to know who you are; the reused password is the only link they need.
Observable Evidence
Look for:
- identities from your organisation's email domains appearing in public breach datasets
- bursts of failed sign-ins against many different accounts from one source, or repeated failures on one account, followed by a successful login
- MFA prompts the user did not initiate (the password was correct; only the second factor stopped the attacker)
- new sessions from unfamiliar locations, devices, or networks
- mailbox or account changes immediately after sign-in, such as new forwarding rules, changed recovery contacts, or newly added MFA methods
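To make the evidence list concrete, the following script runs a credential-stuffing check over a small sign-in log. It is an added example, not code from this page or from WitnessOps; the key=value log format, the event names (login, forwarding_rule_created, and so on), the thresholds and the sample lines are all constructed for illustration, so adapt the parser and event names to your identity provider's export. It flags source IPs that fail against many distinct accounts in a short window, the accounts where a later success from that same IP means the reused password worked, and sensitive changes made shortly after such a login. A single user mistyping their password once is deliberately not flagged.

```python
"""Credential-stuffing detection over sign-in logs (added example).

Log format, event names and sample lines are constructed for
illustration; they are not any real identity provider's schema.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log: one event per line as key=value pairs.
SAMPLE_LOG = """\
ts=2024-05-01T08:00:01Z user=alice@example.com ip=203.0.113.7 event=login result=fail
ts=2024-05-01T08:00:02Z user=bob@example.com ip=203.0.113.7 event=login result=fail
ts=2024-05-01T08:00:03Z user=carol@example.com ip=203.0.113.7 event=login result=fail
ts=2024-05-01T08:00:04Z user=dave@example.com ip=203.0.113.7 event=login result=fail
ts=2024-05-01T08:00:05Z user=erin@example.com ip=203.0.113.7 event=login result=success
ts=2024-05-01T08:03:10Z user=erin@example.com ip=203.0.113.7 event=forwarding_rule_created result=success
ts=2024-05-01T09:15:00Z user=alice@example.com ip=198.51.100.20 event=login result=fail
ts=2024-05-01T09:15:30Z user=alice@example.com ip=198.51.100.20 event=login result=success
ts=2024-05-01T10:00:00Z user=frank@example.com ip=192.0.2.9 event=login result=fail
ts=2024-05-01T10:00:01Z user=grace@example.com ip=192.0.2.9 event=login result=fail
ts=2024-05-01T10:00:02Z user=heidi@example.com ip=192.0.2.9 event=login result=fail
"""

KV_RE = re.compile(r"(\w+)=(\S+)")

# Assumed event names for "account changes immediately after sign-in".
SENSITIVE_EVENTS = {"forwarding_rule_created", "recovery_email_changed", "mfa_method_added"}


def parse_log(text):
    """Parse key=value lines into dicts; ts becomes an aware UTC datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = dict(KV_RE.findall(line))
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_stuffing(events, min_users=3, window=timedelta(minutes=5)):
    """Per source IP, keep a sliding window of failed logins. Once the window
    holds failures for at least min_users distinct accounts, the IP is
    stuffing; any success from it while that condition holds marks the
    account as compromised. Returns {ip: {"failed_users", "compromised_users"}}."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev.get("event") == "login":
            by_ip[ev["ip"]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        recent_fails = []  # (ts, user) pairs still inside the window
        failed, compromised = set(), set()
        for ev in evs:
            recent_fails = [(t, u) for t, u in recent_fails if ev["ts"] - t <= window]
            if ev["result"] == "fail":
                recent_fails.append((ev["ts"], ev["user"]))
            distinct = {u for _, u in recent_fails}
            if len(distinct) >= min_users:
                failed |= distinct
                if ev["result"] == "success":
                    compromised.add(ev["user"])
        if failed:
            findings[ip] = {"failed_users": failed, "compromised_users": compromised}
    return findings


def post_login_changes(events, findings, window=timedelta(minutes=15)):
    """Correlate each compromised login with sensitive account changes on the
    same account within `window` afterwards. Returns (user, event, iso_ts)."""
    hits = []
    for login in events:
        if login.get("event") != "login" or login["result"] != "success":
            continue
        ip_finding = findings.get(login["ip"])
        if not ip_finding or login["user"] not in ip_finding["compromised_users"]:
            continue
        for ev in events:
            if (ev.get("event") in SENSITIVE_EVENTS and ev["user"] == login["user"]
                    and timedelta(0) <= ev["ts"] - login["ts"] <= window):
                hits.append((login["user"], ev["event"], ev["ts"].isoformat()))
    return hits


def triage(log_text):
    """Run both checks and return (stuffing findings, post-login changes)."""
    events = parse_log(log_text)
    findings = detect_stuffing(events)
    return findings, post_login_changes(events, findings)


if __name__ == "__main__":
    findings, changes = triage(SAMPLE_LOG)
    for ip, f in findings.items():
        print(f"{ip}: failed against {len(f['failed_users'])} accounts, "
              f"compromised={sorted(f['compromised_users'])}")
    for user, event, ts in changes:
        print(f"post-login change: {user} {event} at {ts}")
```

In the sample, 203.0.113.7 fails against four accounts and then succeeds on erin, who gets a forwarding rule three minutes later; 192.0.2.9 is still stuffing with no success yet; alice's single typo from 198.51.100.20 is ignored. The thresholds are deliberately low for the sample and should be tuned against your own baseline.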
Operator Response
- Force a password reset on the exposed account.
- Revoke existing sessions and refresh tokens, then check sign-in history to see whether the attacker already logged in.
- If email was exposed, inspect forwarding and inbox rules, recovery contact changes, and any other recent account changes.
- Require MFA and move the user to a password-manager-backed workflow so that every service gets a unique password.
Once a successful login appears, treat the reused password as an active incident rather than a hygiene issue: assume the attacker has already read or changed what the account can reach.
WitnessOps Controls
The governed path should include:
- Authorization Model for who may reset, contain, or inspect accounts
- Policy Gates before sensitive identity-impacting actions
- Sensitive Artifact Handling for leaked credentials and account evidence
- Receipts to record exposure checks and remediation steps
The durable fix is still simple: one password per service, stored in a password manager.