Glossary Term

Credential Reuse

Using the same password or credentials across multiple services, enabling reuse-based attacks.

What it is

Credential reuse happens when users repeat the same password for work accounts, personal services, cloud platforms, or third-party tools. When one service is breached, attackers test those credentials against other systems in automated attacks, often with high success rates.

Why it matters

Credential reuse dramatically amplifies the impact of a single breach. A compromise of a low-risk service can quickly lead to access to business-critical systems. This technique underpins credential stuffing attacks and is responsible for a large percentage of account takeovers.

How to reduce risk

  • Enforce unique passwords per service
  • Promote or mandate password manager usage
  • Monitor for reused credentials in breach data
  • Combine strong passwords with MFA everywhere possible
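
One way to implement the "monitor for reused credentials in breach data" item, as an added example that is not part of the original glossary entry: for each account that appears in a breach record, re-hash the leaked password with that user's own salt and compare it to the stored hash. The PBKDF2 parameters, the function names, and all accounts and passwords below are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the service's real hasher."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def find_reused_credentials(user_store, breach_records):
    """Return accounts whose current password appears in breach data
    for the same e-mail address (i.e. the password was reused elsewhere)."""
    leaked = {}
    for email, password in breach_records:
        leaked.setdefault(email.strip().lower(), set()).add(password)

    exposed = []
    for email, (salt, stored_hash) in user_store.items():
        for candidate in leaked.get(email.strip().lower(), ()):
            # Re-hash the leaked password with this user's salt and
            # compare in constant time against the stored hash.
            if hmac.compare_digest(hash_password(candidate, salt), stored_hash):
                exposed.append(email)
                break
    return sorted(exposed)


def _enroll(password: str):
    """Hypothetical helper: create a (salt, hash) record for the sample store."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample data: our own user store of (salt, hash) records ...
SAMPLE_STORE = {
    "alice@example.com": _enroll("Tr0ub4dor&3"),
    "bob@example.com": _enroll("unique-to-this-service-91"),
    "carol@example.com": _enroll("another-unique-passphrase"),
}
# ... and records from a third-party breach (constructed, not real).
SAMPLE_BREACH = [
    ("Alice@Example.com", "Tr0ub4dor&3"),       # same password reused here
    ("bob@example.com", "old-forum-password"),  # breached, but not reused
]

if __name__ == "__main__":
    for account in find_reused_credentials(SAMPLE_STORE, SAMPLE_BREACH):
        print(f"force password reset: {account}")
```

Only accounts whose breached password still matches the stored hash are flagged, so a user who appears in a breach but uses a different password here is not forced through a reset.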

External resources

  • https://www.ncsc.gov.uk/collection/passwords/using-password-managers
  • https://www.cloudflare.com/learning/bots/credential-stuffing/
  • https://attack.mitre.org/techniques/T1110/