Psybersafe Blog

We’re not lazy, we’re efficient.

October 2025 · 3 min read

Why everyone still reuses passwords.

You’ve got 143 accounts. You’re asked to create a new password again!
So you tweak the one you always use. You add a “!” and a year. Good enough, right?

You’re not alone.

In 2025, despite decades of “don’t reuse passwords” campaigns, 94% of leaked credentials were reused across multiple accounts. That’s why 81% of corporate breaches still come down to one thing: weak or duplicated passwords (CyberNews, Spacelift).

But this isn’t a story of laziness. It’s a story of efficiency and the human brain doing exactly what it’s wired to do.

Behavioural Science and why our brains love password reuse.

There are a number of biases and shortcuts we mere humans use subconsciously to cope with the information-overloaded world we live in:

[Image: password reuse]

Add a system that makes “doing the right thing” harder, and password reuse becomes the path of least resistance.

How hackers exploit (not just “abuse”) our so-called laziness

This isn’t just theory; it happens all the time.

In April 2025, attackers used leaked credentials from other breaches to hijack Spotify Premium accounts. They could do this because people reuse passwords across services (BleepingComputer).


How? They used something called credential stuffing attacks. Credential stuffing sounds fancy, but it’s just a digital “copy and paste” for hackers. They take stolen usernames and passwords from old breaches and try them everywhere, for example banking apps, email, even Spotify.

So, if one of your passwords is leaked in a breach, attackers will try that same combination on your Spotify account, your banking apps, and other online services.
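For the teams on the receiving end, credential stuffing leaves a recognisable footprint in login records: one source trying lots of different accounts and failing on most of them. The sketch below is an added example, not part of the original post; the sample events, the function name and the thresholds are all assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success). Not real data.
SAMPLE_EVENTS = (
    [("203.0.113.7", f"user{i}@example.com", False) for i in range(8)]
    + [("203.0.113.7", "dana@example.com", True)]        # one reused password worked
    + [("198.51.100.4", "sam@example.com", False)] * 4   # one person mistyping
    + [("198.51.100.4", "sam@example.com", True)]
)


def find_stuffing_sources(events, min_accounts=5, min_fail_ratio=0.8):
    """Flag sources that try many different accounts and mostly fail.

    Thresholds are illustrative assumptions, not recommended values.
    Returns {source_ip: {"accounts": n, "fail_ratio": r, "reset": [usernames]}}.
    """
    attempts = defaultdict(list)
    for ip, user, ok in events:
        attempts[ip].append((user, ok))

    flagged = {}
    for ip, tries in attempts.items():
        accounts = {user for user, _ in tries}
        failures = sum(1 for _, ok in tries if not ok)
        fail_ratio = failures / len(tries)
        if len(accounts) >= min_accounts and fail_ratio >= min_fail_ratio:
            # A login that succeeded from a flagged source used a valid,
            # probably leaked password: that account needs a reset.
            reset = sorted({user for user, ok in tries if ok})
            flagged[ip] = {
                "accounts": len(accounts),
                "fail_ratio": round(fail_ratio, 2),
                "reset": reset,
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```

The person who mistypes their own password five times is not flagged, because only one account is involved; the source that walks through nine accounts is, and the one account it got into is listed for a password reset.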

If you want to check whether your email credentials have been leaked anywhere, enter your details into https://haveibeenpwned.com/, a trusted service which provides details of where and when your email may have been compromised.

[Image: sample output from https://haveibeenpwned.com/]

Okay, so what actually works (without turning your life into a cybersecurity bootcamp)?

Here is a closing thought

Most people aren’t careless, they’re just overloaded. And developing good cyber habits is not about preaching; it’s about designing ease, removing friction, and understanding how humans behave.

Want to nudge your team toward better cyber habits (and fewer password headaches)? Check out Psybersafe, where behavioural science meets practical, fun, and bite-sized cyber training. Fewer lectures and more “aha” moments.

We love behavioural science. We’ve studied it and we know it works. If you want to know more about the science of persuasion and influence and behavioural science in general have a look at our sister site https://influenceinaction.co.uk/
