Hacker News
by nicolaslem 1266 days ago
Strong disagree about password reuse: the average person has multiple dozens if not hundreds of accounts on various services. Even if none of them ever get hacked, you are still trusting thousands of engineers having access to production to not record the passwords that are sent to them with each login.

Just use a random password per service and keep it in a password manager.

2 comments

Again, if companies didn't treat password data carelessly (or, even worse, like your example), it would have been a minor issue.

Yeah, I'm not advocating for password reuse, I'm saying that a good system would make it a non-issue.

> Again, if companies didn't treat password data carelessly

This is not a real solution. The real world is full of unreliable actors and byzantine generals. Any solution that depends on a perfect environment isn’t one.

The problem is you don’t need to get one company to behave well. You need to get every company to behave well.

It’s almost like saying “we don’t need to spend money on a court system, if we just got everyone in the country to work out their disagreements amicably”. While… true, it doesn’t sound like a plausible solution to my ear.

True. Which also means the expected reliability of a third-party password manager also goes down.

Maybe we can just ditch passwords for most services.

I recently did a migration, and have > 1300 passwords.