Now- this isn't similar at all. But it reminds me of when I was reading about an attack in which a hacker got into someone's LinkedIn (I believe it was that), by hacking into his friend's instant messenger. And then from there social engineering the person by asking him what his pet's name was and so on. Because of that he was able to create a list of probably passwords and got into the account. Turns out he had used the same password, and then he found himself locked out of his Facebook and gmail account. Now as I said again not at all similar yet it seems to have the same moral as what we've seen above (not using the same password). It really seems like a no-brainer yet most people don't do it. I suppose there's a valid fear of forgetting, but yet again that's where password recovery options come into play (forget password).