"Never use the same password twice" should be "never use the same password on sensitive sites" IMO. Creating unique passwords for every single site
is needlessly annoying.
Someone cracks my account here, for example, sure they could try the same password elsewhere (let's assume for the moment they find the one other place I have the same username) and it'll work--but guess what, it's another meaningless account and what have they gained? Nothing that could help them hack another account. No PII. They try to take that pass and hit my banks, any work stuff, or anything remotely sensitive, they'll be tryin forever.
He copies and pastes those passwords into accounts so that, in the event an attacker installs keystroke logging software on his computer, they cannot record the keystrokes to his password.
I don't think I need to elaborate on how stupid this is.--
Think Outside the Fox.