To minimize the impact of harms like Identity Theft and Account Hijacking, change the design of Identity.

Intervention: Require unleaked passwords

Definition: During signup, don't allow users to use a password that has been included in a leaked dataset.

Kind of Intervention: Content Analysis
Reversible: Easily Tested + Abandoned
Suitability: General
Technical Difficulty: Hard
Legislative Target: Yes

Despite decades of warnings, tons of people still reuse passwords across multiple sites. If this is you, please invest in a password manager right now - it is the single most important thing you can do for your online security.

Password reuse is a problem because there is a steady drum-beat of security breaches across the web, many sites that collect usernames and passwords don't hash and salt the stored passwords properly (fun math stuff, don't worry about it), and as a result there are huge troves of username + password pairs out there on the dark web, easy for an attacker to replay against the same user's accounts on other sites.

Note: even if a platform has perfect security itself, when its users create an account with a reused password, those users are susceptible to impersonation and account hijacking on the platform.

A solution to this problem could be to prevent users from signing up with any password that has been found in a leaked dataset. It would force users to come up with truly unique passwords, and help steer them (maybe with explicit nudges) toward using a password generator.

This also seems like a good place for regulation. Government could set up standardized protocols for checking whether a password has previously been leaked, as well as centralizing the maintenance of the collection of leaked passwords, either directly, or through the creation of standards.
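As an added illustration of what such a standardized check could look like (this is example code, not part of the original page or of any real service), the block below implements both sides of a k-anonymity range query of the kind popularised by the Have I Been Pwned "Pwned Passwords" API: the client hashes the candidate password with SHA-1 and sends only the first five hex characters, the server answers with every hash suffix in that bucket, and the client finishes the comparison locally. The server therefore never learns the full hash, let alone the password. The leaked-password list, the `LeakedPasswordIndex` class and the `validate_signup_password` policy are all constructed for this example.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a breach corpus. A real index would hold
# hundreds of millions of digests, but the protocol is the same.
LEAKED_PASSWORDS = ["password", "123456", "qwerty", "letmein", "Password123!"]

PREFIX_LEN = 5  # hex chars sent to the server (20 bits of the 160-bit digest)


def sha1_upper_hex(password: str) -> str:
    """SHA-1 of the UTF-8 password as uppercase hex, the format the range query uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class LeakedPasswordIndex:
    """Server side (hypothetical): stores only SHA-1 digests of leaked passwords,
    bucketed by their first PREFIX_LEN hex characters so that a client can ask
    for a bucket without revealing which hash it is interested in."""

    def __init__(self, leaked_passwords):
        self.buckets = defaultdict(set)
        for pw in leaked_passwords:
            digest = sha1_upper_hex(pw)
            self.buckets[digest[:PREFIX_LEN]].add(digest[PREFIX_LEN:])
        self.last_query = None  # recorded only to show what the server sees

    def range_query(self, prefix: str) -> list:
        """Return every stored suffix whose digest starts with `prefix`."""
        prefix = prefix.upper()
        if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be exactly %d hex characters" % PREFIX_LEN)
        self.last_query = prefix
        return sorted(self.buckets.get(prefix, set()))


def is_leaked(password: str, index: LeakedPasswordIndex) -> bool:
    """Client side: send only the prefix, compare suffixes locally."""
    digest = sha1_upper_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return suffix in index.range_query(prefix)


def validate_signup_password(password: str, index: LeakedPasswordIndex,
                             min_length: int = 12) -> tuple:
    """Signup policy (constructed): reject short passwords and any password
    found in the leaked index. Returns (accepted, reason)."""
    if len(password) < min_length:
        return False, "password must be at least %d characters" % min_length
    if is_leaked(password, index):
        return False, "password appears in a known breach; choose a different one"
    return True, "ok"


if __name__ == "__main__":
    index = LeakedPasswordIndex(LEAKED_PASSWORDS)
    for candidate in ["Password123!", "correct horse battery staple"]:
        accepted, reason = validate_signup_password(candidate, index)
        print("%-32s -> %s (%s)" % (candidate, "accepted" if accepted else "rejected", reason))
        # The server only ever saw the 5-character prefix:
        print("   server saw prefix:", index.last_query)
```

The bucket granularity is the privacy knob: a five-character prefix means each query is indistinguishable from roughly one in a million possible hashes, and the server's answer set stays small enough to transfer on every signup attempt. A regulator standardising the protocol would need to fix the hash function, the prefix length and the response format so that any client can talk to any maintained corpus.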
