Recycling Passwords: Why We Keep Doing It — And How to Stop

Last updated: April 27, 2026
Recycling Passwords - Why We Keep Doing It — And How to Stop

In today’s digital world, passwords are the keys to nearly everything we do—teaching, research, collaboration, and communication. With so many accounts to manage, it’s understandable that many of us reuse the same password for convenience. But this habit, known as password recycling, remains one of the biggest risks to both personal information and university data.

Why We Keep Reusing Passwords

Even though most people know password recycling is unsafe, many of us still do it. The main reasons are surprisingly human:

  • Fear of forgetting passwords
  • Desire for convenience and control

It’s easy to see why. Between work systems, banking, online shopping, and social media, remembering dozens of unique passwords feels impossible. To make it easier, people often use familiar words—like a pet’s name or a birth date—that are simple to recall but equally simple for attackers to guess.

Another common misconception is that “my information isn’t valuable enough to steal.” In reality, even small pieces of personal data can be valuable to someone trying to impersonate you or access university systems.

 

How Password Reuse Puts UBC Data at Risk

How Password Reuse Puts UBC Data at Risk

For faculty and staff, password reuse doesn’t just endanger personal information—it can also expose UBC systems to attack. Recent surveys show that a quarter of global respondents reuse passwords across numerous accounts, with more than a third admitting to using personal information in their credentials that is publicly accessible on social media platforms and online forums. That overlap creates a critical weak point.

If an attacker obtains your credentials from a personal account that’s been exposed in a data breach, they can use those same details to try to log in elsewhere. This tactic, known as credential stuffing, automates the process—testing stolen usernames and passwords across multiple services until one works.

Because so many people reuse passwords, credential stuffing remains one of the most successful ways attackers gain unauthorized access. Once they’re in, criminals can steal sensitive data, impersonate users, or send phishing messages from a trusted UBC account.

Unique passwords act as a strong, simple barrier against this kind of attack.

How to Break the Recycling Habit

Improving password security doesn’t have to be difficult. With a few straightforward tools and habits, you can protect both your personal identity and the university’s data.

 

Use Unique Passwords or PassphrasesEvery account (especially your work accounts) should have its own unique password.
A great approach is to use a passphrase, made up of several random words strung together. Avoid using anything that could be easily guessed or found online, such as pet names, family names, or birthdays.
Turn On Multi-Factor Authentication (MFA)MFA adds a valuable second layer of protection. In addition to your password, it requires another form of verification to confirm your identity. Even if someone has your password, MFA can block them from accessing your account.
Enable MFA on every account where it’s available.
Use a Password ManagerA password manager securely stores all your unique passwords in one encrypted place. It can also generate strong, random passwords so you don’t have to remember them yourself.
Because your password manager protects all your other accounts, make sure its master password is long, unique, and protected by MFA.

Building Strong Habits Together

Strong, unique passwords and good password management are among the simplest and most effective ways to protect personal and institutional data.

When you use a password manager, create unique passphrases, and enable MFA, you’re not only protecting your own accounts; you’re helping protect the university community as a whole.

Small actions make a big difference. By sticking to these basics, each of us contributes to a stronger culture of privacy and security across UBC.

Go Further...

  • Article

Privacy Matters @ UBC

Safety & Risk Services | 2389 Health Sciences Mall
University Counsel | 6328 Memorial Road,
UBC Cybersecurity | 6356 Agricultural Road
E-mail privacy.matters@ubc.ca

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service. Bell Warning