For the purpose of improving user security on a website / web application, would it be ethical to prevent users from selecting a password which is the same as that used to log in to their email address?
Q: How would a web developer/programmer know that the user had reused their email password?
A: Have a bot/script try to log in to the user’s email (they just gave you their address as well to sign up…) using the password they want to use on your website. If such a login is successful then discard the result and warn the user, preventing them from reusing the password. (And that’s why this is a non-trivial question of ethics.)