Hacker News
by BrandonDC 5421 days ago
Personally, I think it's more realistic to place your trust in one verifiable source (i.e. using the cross-platform KeePass with the encrypted database stored on Dropbox) than assume that "hundreds" of different organizations are all going to implement adequate authentication strategies.

What seems oddly unrealistic to me is that if one company exposes your password, you now have to not only remember all of the hundreds of sites you have accounts on, but log in to each one and change that one password that you always use.

1 comment

I agree the current system is broken, but asking users to remember hundreds of passwords is no less broken. As for KeePass, the problem is that I can't get integration with a browser on my phone or tablet, so I'm left jumping back and forth between apps every time I need to log into something. Not to mention there's no official KeePass implementation for the Mac (unless I want to run on Mono). I also frankly think it's unnecessarily complex, but maybe I should give it a try again.

I really don't understand how you can take the stance that it doesn't matter if a site has proper password security. Why are you bothering to use KeePass if you don't care about security in the first place?