Old Passwords

I went into my password vault the other day to retrieve a password.  For the application in question I had noted in the comments “old password may be ________”.  I’m not sure why I felt the need at some point to record a previous password.  This is terrible opsec practice to leave old passwords lying around.  Ask yourself, how many folks do you think use old passwords as seeds for new passwords?

monkey12 -> monkey123

password! -> password!!

mommieOct06 -> MommieDec08