No one here is saying that users shouldn't have better password policies. They should.
What is being said is that having a devil-may-care attitude toward safe guarding your users account data is not ok.
If you use your bank password for anything other than your bank, you're clearly not taking security seriously.
If you think you shouldn't have to properly secure user account information, you're clearly not taking security seriously.
Both parties can be wrong, but that doesn't excuse either side.
> The only real danger is for bozos who use the same password for HN as they do for their citibank account
---
Excuse my pedantry, but I'd advise against saying "That isn't the point.", for it conflicts with a well known writing technique: http://en.wikipedia.org/wiki/Show,_don%27t_tell
If you insist on doing so, consider a more polite alternative. E.g. "it's seems you've missed the point", "perhaps you've misunderstood", "I feel that so-and-so was saying something else".
No one here is saying that users shouldn't have better password policies. They should.
What is being said is that having a devil-may-care attitude toward safe guarding your users account data is not ok.
If you use your bank password for anything other than your bank, you're clearly not taking security seriously.
If you think you shouldn't have to properly secure user account information, you're clearly not taking security seriously.
Both parties can be wrong, but that doesn't excuse either side.