by dinde
5572 days ago
An even bigger problem than password reuse, in my opinion, is secret question formulas to reset your password. My banking site requires a strong password, which of course means that I often forget it, which means that resetting my password has become a regular part of the login process. The site allows me to reset my password directly from the site after answering my secret questions correctly. It does not send an email link to reset. If a password can be reset by answering a series of secret questions, then the password itself is moot and the account is only as secure as its secret questions. Which in many cases aren't very secure to anyone who might know the person (What is the color of your first car? What is your first pet's name?). Given the choice between being allowed a "weak" password that I might actually remember, and a "strong" password that I either have to write down or reset every time I log in via answering a series of questions that are even less secure than a weak password, I would take the weak password.