by bigiain
5305 days ago

And it's not always clear at the beginning which sites are going to become those "more important" ones...

Way back when, in the days when I used a single "low grade" password for signing up and trying out sites, I registered on perlmonks.org, which I didn't ever end up becoming a regular contributor to and pretty much forgot about. I also signed up for this newfangled "micro blogging" service 'cause I could use it to send free text messages to my friends overseas. It was called Twitter. 3 years later, I've got a quite vibrant social life going on in Twitter, and thanks to the browsers remembering passwords for me, I'd forgotten it was using my "low grade password" and I never upgraded it when the importance of that login increased. Until the perlmonks database (with its cleartext password storage) got exposed, and 5 or 6 hours later I started getting questions from friends about why I was spamming them on Twitter with Acai berry spam...

Now 1Password generates and stores all passwords for me. Its data is synced (via Dropbox) to my phone/sparephone/ipad/laptop/work machine/home machine/media center. I'm happy enough to not be able to log into any website whose password I've not bothered to remember when I don't have access to _any_ of those devices - I've got all 3 banking passwords in my head, two email passwords, a few important ssh key passphrases, and a few others (like my Apple ID password, since there's several places 1Password won't fill it in with CommandBackSlash, so I find myself typing it often enough to remember it), everything else I rely on my (multiply synced/backed up) 1Password database for. It's working out _really_ well so far (I've been using it ~18 months, probably managed to transition to all random passwords about 12 months back.)

This means that ideally you should have chosen two different passwords for both these accounts.
For some sites like reddit, HN, etc. one may know very well in advance that they don't care about their identity and they would be happy to create a new account when they lose one. I think these are the only cases where password reuse is justified.