'Victims will feel it could never happen to them, but when a cybercriminal can access your account, they can change the password and lock you out, as seen with this incident with DraftKings.' 'When users have the same password for various accounts, cybercriminals will probably gain access to that account,' McQuiggan told The Register. Other tools like 2FA or multi-factor authentication (MFA) also are crucial – though not foolproof – ways of protecting online accounts, according to James McQuiggan, security awareness advocate at KnowBe4.