Why registration-sites suck: Boing Boing links to a story on Wired about registration at news sites. The article is okay, but Boing Boing’s comments ring very, very true:
The point that everyone seems to miss is that no one can possibly keep track of a thousand passwords for a thousand websites, which means that these sites undoubtedly contain recycled passwords […]
The more you recycle a password, the higher the likelihood that you will use it in a sensitive context — a bank site, a message board, an IM client, an auction site — where someone might impersonate you or even commit identity theft crimes against you.
Okay, raise your hands, how many of you have a “standard” password that you use all over the place? Everyone does it. Show me someone who uses a different password for every registration or account and I’ll show you a liar.
I know a friend who has a group of passwords that he uses based on context — one password for throwaway Web site registration, one for email accounts, one for IM, one for sensitive stuff like banking, etc.
What if someone at one of these services decides to take your password and see where else it might work? Yes, I know the passwords should be hashed when stored in their database, but there’s no guarantee that they’re going to do that.
How many of you have a password stored in some service or Web site that you’ve long since forgotten about that would also work in, say, your bank’s Web site?
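What "hashed when stored" looks like on the service's side, as an added example that is not code from the original post or from any site it mentions: the site keeps a random salt and a slow PBKDF2 hash instead of the password, so a database row does not hand a reused password to whoever can read it. The function names, the iteration count and the sample password are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Assumed work factor for this sketch; a real deployment tunes it to its hardware.
ITERATIONS = 600_000


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """What the site stores at registration: salt and hash, never the password."""
    salt = os.urandom(16)  # fresh per account, so equal passwords give unequal rows
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify(password: str, record: dict) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    candidate = _derive(password, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def leaks_password(row: dict, password: str) -> bool:
    """True if any stored field contains the password verbatim."""
    return any(password in str(value) for value in row.values())


if __name__ == "__main__":
    reused = "correct horse 1999"  # constructed sample: one password, two sites

    # Site A keeps the password as typed; anyone who can read the row has it.
    site_a_row = {"user": "alice", "password": reused}
    # Site B keeps only salt and hash.
    site_b_row = {"user": "alice", **make_record(reused)}

    print("site A row exposes password:", leaks_password(site_a_row, reused))
    print("site B row exposes password:", leaks_password(site_b_row, reused))
    print("site B still accepts the login:", verify(reused, site_b_row))
```

Hashing protects the stored copy only; the site still sees the password at every login, which is why a unique password per site remains the stronger safeguard.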