Not sure I understand — passwords are generally hashed in databases. Even if leaked, an attacker would still need to brute-force the hash to retrieve the actual password, wouldn’t they?
You’d think so. But over and over plain text leaks of passwords is the practical reality of the modern internet. A disgruntled staff member, poor tech practices or someone working out a way to get in and get access.
The https://haveibeenpwned.com/ project regularly shares new breached datasets. Reusing passwords across websites without MFA is just not not not recommended in 2025.
"Generally", sure. How do you guarantee every service you've ever signed up for uses proper salting and hashing though? All it takes is one for your entire security model to go down the drain.
The https://haveibeenpwned.com/ project regularly shares new breached datasets. Reusing passwords across websites without MFA is just not not not recommended in 2025.