[tedivm]

Why would you have to change your password on "a ton of forums" if you yourself have been using password best practices? Envato was responsible in their disclosure- you think those "tons" of forums are all going to do the same? For all you know your password has been in the wild for years.

You should use this as an opportunity to get a password manager (Lastpass, for instance) and use unique passwords for each site.

[dutchbrit]

I agree that it's my fault not having a unique password for Envato, I do have unique passwords for most important things, but to have unique weird passwords for everything is too much for me, especially since I'm switching computers all the time, it'd be quite a hassle each time. Especially since I log into a lot of less important sites with this password. If it was a salted and encrypted, I wouldn't bother changing them. But seriously, plaintext. It's the biggest cockup I can imagine. Some may argue, but you can also keep passwords on your phone or online, you're correct, but what if my pass phrase gets hacked to all my unique passwords? How do I know that these services are waterproof? It's not the most secure way of storing passwords either to be honest, but they don't have any other way. It has to be decryptable. In the end, nothing is waterproof.

[tedivm]

Sure, nothing is water proof. However, some solutions are better than others- and as a lastpass user I know I don't have to change my password on "a ton of forums".