[ajross]

They can also message your friends as if they were you. Scams and social engineering attacks do and have operated this way. If you or your friends are high-value targets, they or their interests can be seriously hurt by this sort of thing.

[jasonkester]

Which of the sites that you use your throwaway password for have friends and messaging?

Personally, I have exactly one site from which I tolerate non-email messages from friends. That's Facebook, and it's in the same category as email, ecommerce, etc. that gets a real password.

[ajross]

Uh... the specific examples given were comments on engaget and reddit. You think people don't talk to their friends on those sites? Yours is precisely the kind of thinking that leads people to fall for social engineering attacks. Clearly you're too smart for it to happen, right?

[jasonkester]

Correct. I don't think people talk to their friends on engadget or reddit. Why would anybody do that?

You have email, telephones and facebook for talking to people. Why would you expect somebody you know to sift through threads on reddit to find out if you've said something to them?

Can you honestly say that you've done that? I never have, so it doesn't bother me whether you can guess my password to one of those sites. And if I ever ask to you wire some money to me in a comment on an engadget post, feel free to give me a call to confirm.

[fudged]

I've got some friends on reddit that I communicate with through messages. Although, I certainly prefer to communicate through other mediums.