How does the “Forgot Password” function work on the back-end?


7 Answers

Anonymous 0 Comments

When you create an account you need to use an email, and as you may have noticed you’re asked to confirm the email either to complete the account creation or once the account has been created. Confirming usually means logging into that email and clicking on a link sent to you. What this does is confirm to the website that you do indeed have access to that email account. Email accounts tend to be important so we generally either don’t forget our credentials or use extra security measures like having our phone numbers attached to them. Random website accounts may be important or they may not be. We might very easily forget a password so email recovery is the general go-to method.

When you recover a password, you’re once again sent a link to your attached email account. The logic is that any random can request a password change, but only the true account owner can see the email and click the link in it, which allows for the password to be changed. This is why it’s very important to have different passwords for each account and email. In the case where someone has the exact same passwords everywhere, this compromises these security features a lot since if they gain access to your email, they can pretty much gain access to all accounts attached to that email.
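A back-end sketch of the emailed-link flow described in the answer above, added here as an example and not part of the original answer or any particular site's code. The in-memory `ResetStore`, the `example.com` URL, the 15-minute lifetime and the PBKDF2 parameters are assumptions; the point is that the link carries a random single-use token and the server keeps only its hash and an expiry time.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link


class ResetStore:
    """In-memory stand-in for the user and reset-token tables (constructed data)."""

    def __init__(self):
        self.users = {"alice@example.com": b"placeholder-old-hash"}
        self.tokens = {}  # sha256(token) -> (email, expires_at)


def _digest(token):
    # Only a hash of the token is stored, so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(store, email, now=None):
    """Return the link to e-mail, or None; the page shows the same message either way."""
    now = time.time() if now is None else now
    if email not in store.users:
        return None
    # A new request replaces any earlier unused link for the same account.
    store.tokens = {d: v for d, v in store.tokens.items() if v[0] != email}
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    store.tokens[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return "https://example.com/reset?token=" + token


def redeem_reset(store, token, new_password, now=None):
    """Set the new password if the token is known and unexpired; tokens are single-use."""
    now = time.time() if now is None else now
    entry = store.tokens.pop(_digest(token), None)  # pop: a second click fails
    if entry is None or now > entry[1]:
        return False
    salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
    store.users[entry[0]] = salt + derived
    return True
```

Returning the same "check your inbox" page whether or not `request_reset` produced a link keeps the form from revealing which addresses have accounts.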
