Which practice involves using the same password across multiple accounts, which is discouraged?

Reusing the same password across multiple sites is discouraged because it creates a single credential that can unlock many accounts. If one service is breached and your password is exposed, attackers can try that exact password on other sites, a technique known as credential stuffing. The more sites you use with the same password, the greater the risk that a breach somewhere will lead to multiple compromises. The best practice is to use unique, strong passwords for each site and store them with a password manager. Adding two-factor authentication wherever possible further protects accounts even if a password is compromised. The other items mentioned relate to different security controls—preventing reuse of recent passwords, keeping passwords private, and enforcing changes after a period—but they don’t address the broader risk of cross-site reuse.