Dealing with re-used passwords


If you have two or more accounts or logins with identical passwords in your database, Sticky Password will help you to deal with them efficiently.

The problem with re-using passwords

There are two cases when passwords can appear as “re-used” in your database:

  1. Using the same password in multiple accounts. This can be that one super strong and unbreakable password that so many people reserve for their so-called important accounts. But it also applies to those quick passwords we routinely use when prompted to create a new online account (e.g. ‘letmein’, ‘qwerty’, ‘123456’, and other strings that are easy to enter and remember); basically as a shortcut when we’re hurrying to register on a website or for a new app we want to use right away...

    Of course, it is not recommended to reuse passwords on multiple sites because once hacked on one site, that password becomes a liability in all the other accounts! This is a vulnerability that hackers and bad actors are known to exploit!

    Practically speaking, a major reason to have a password manager is to avoid re-using passwords at all! With Sticky Password assigning random passwords to each website or application is easy and makes sense - simply use the password generator to generate and save new passwords. Sticky Password can even help you to change your password on the website. Example1. Example2.

  2. When some services have two or more entry points: for example, and are both expecting you to enter the same login password. Or, if you use Skype, you should use the same login and password for the website, as well as for the desktop application, and even on your mobile application. To store and autofill passwords for Skype for these three different instances, you would need to have three accounts in the database, and they would all store the same password. When changing your Skype password on the website, you would have to remember to change it also in the other two records in Sticky Password.

    Luckily, Sticky Password has a simple solution - login linking can store just one password and share it with several account records.

Sticky Password warns you about re-used passwords

In the account details screen, the “Re-used” warning link lets you know that you have saved the same password also in at least one other account:

Clicking the “Re-used” link when displayed on the account details will show you the other accounts where this password is re-used:

Choose the accounts that you would like to link. Note that all the accounts to be linked must have the same login and password. Click the "Link Passwords" button to link the selected accounts. Later, when you change your password in one of the linked accounts, it will also be changed for all the accounts linked to that account. Learn more about managing your linked passwords.

Finding your re-used passwords

You can see all your re-used passwords on the Security Dashboard. Just open the “Re-used” tab:

Or, click the ‘Summary’ tab in the top menu; re-used passwords will appear in the Medium issues section, where you can turn on the "Group by password" option in the toolbar to easily find re-used passwords displayed next to each other and highlighted by a similar background.

Select the passwords you want to link and click the “Link passwords” button.

When accounts have been linked, they will be removed from the "Re-used" section of the Security Dashboard. You can find each of the accounts under its respective listing in the Web or App accounts tab. While these accounts remain separately in your password database, their association with a common password means they are no longer categorized as 're-used' passwords. Essentially, multiple account entries are streamlined by a unified password reference. Learn more about managing linked passwords.

You’ll also see all the sites where you are at risk because you are re-using the same passwords. A favorite practice by hackers called credential stuffing exploits the fact that people reuse their passwords on multiple accounts. Sticky Password shows you where you are reusing passwords so that you can change them BEFORE a hacker can get lucky with your account. Be sure to change your passwords, so that each of your accounts has its very own unique, long and strong password – preferably generated by the password generator.

Was this answer helpful?

Yes No

How can we improve the answer?

Send feedback

Thank you!

Thank you! We will do our best to make this answer better.

An error has occurred. We apologize for the inconvenience. Please try again.

We’ve just received your message. Thank you.

Our response time on business days is typically within 24 hours.
However, sometimes traffic volumes may delay this a little.

We will reply to your ticket to the address you entered: