I went with my daughter the other day to set up her bank account. She's now an adult and this is one of those items we need to get done, especially in today's world of electronic banking and money transfers. It's time she takes another step towards being responsible and accountable for her finances.
As we went through the process, one of the steps was her setting up an account with the online presence of this bank. I told her to be sure to use a new password, one not in use anywhere. She agreed, but then said she has 3 or 4 passwords that she uses in different places. I told her that's not enough, and explained why. There is an interesting article about a MySpace security flaw in 2017.
Most of you don't use MySpace, but you might have. Even if you haven't, your kids or parents might use some popular tool, such as Facebook, Snapchat, Instagram, etc. Tomorrow we might discover a similar security issue, or worse, a disclosure of your passwords. If you think it can't happen, go try a few emails over at https://haveibeenpwned.com. You might be surprised at the results. My kids were.
It's not that your bank is necessarily vulnerable to hacking a password. However, if you've used the same (or very similar password like PasswordCNNdotcom) for your news reading at CNN, then if that company is hacked, it's not too difficult to take all emails and then try PasswordChasedotcom at Chase National Bank's site.
Reusing passwords is a bad idea. I do it for demo accounts across virtual machines, and even that bothers me. Everywhere else, I use a password manager and I have hundreds of passwords, separate ones for each site. My wife is annoyed if she needs a password for any of our accounts and I give her something like "4Gbv8A^f8" on my phone, but I'm not going to make simpler ones or reuse them.
Separate accounts and separate passwords are a mantra I've used for years at work and at home. Please spread the word and get those in your life to use separate, strong passwords for their online activities.