Some security experts believe that, if you allow people to reuse passwords, they will cycle through a small number endlessly with all of their accounts. Instead, users should create unique passwords each time.

Others believe that doing this causes users to create less-secure passwords because they’ve exhausted their ability to come up with something memorable. So, they resort to reusing old passwords with minor adjustments (i.e. “Passw0rd!” becomes “P4ssw0rd!”).

Many of these beliefs are based on outdated research. For instance, the whole “8 characters, capital, lowercase, and a number” thing..? That’s been condemned by the guy who came up with it. It’s actually terrible for security.

Multi factor authentication (particularly unrestricted factor authentication like Google Authenticator) is the best widely-available security at the moment.