8.2.6 Set passwords/passphrases for first-time use and upon reset to a unique value for each user, and change immediately after the first use

PCI DSS v3.2.1 Questions and Answers Forum Implement Strong Access Control Measures
1

8.2.6 Set passwords/passphrases for first-time use and upon reset to a unique value for each user, and change immediately after the first use.

8.2.6 Examine password procedures and observe security personnel to verify that first-time passwords/passphrases for new users, and reset passwords/passphrases for existing users, are set to a unique value for each user and changed after first use.

If the same password is used for every new user, an internal user, former employee, or malicious individual may know or easily discover this password, and use it to gain access to accounts.