[feanaro]

> It's the same thing around passwords. People don't use weak passwords or reuse their passwords because they don't know any better, they do it because they do not care about whatever is protected by the password.

This is quite often false from my experience talking with people using bad passwords. The most frequent reason seems to be a basic misunderstanding of the problem, i.e. "But who would ever think of trying and manage guessing CowMilk76$ as my password."

So it mostly boils down to not being aware of computer assisted cracking, let alone modern cracking techniques with rules and statistics. They are imagining someone targeting them specifically, using their own hands and imagination. From that perspective, it is quite ludicrous to think someone would be able to crack CowMilk76$ as their password practically.

[flukus]

IME people choose weak passwords because they need to be able to remember them and technical people seem to forget this. If they're complicated or too long then the forgotten password option becomes how they log into things, making the password essentially useless.

I'm not sure what the answer is, but longer and more complicated passwords aren't.