by zv 4388 days ago
Hackers use strong passwords on things they want to protect. No need for a strong password on some public site with unimportant data. Even more so: if those third-party sites get compromised, your main security focus is not compromised.

I thought this as well. "My virus needs to log into my irc channel" is most likely a weak password situation. If someone is analyzing the binary code of this virus, the game is over anyway. No matter how strong your password is, the program needs to be able to decrypt it to use it, and so it might as well be plaintext and weak.
You might be surprised that they often not only use a weak password in that case, but also use a weak password for their IRC sysop account. And in some cases it is the exact same password. :)
As another datapoint, I have a weak password for sites that I wouldn't care at all if they were compromised. For everything remotely important I use a separate random password at the max length allowed.
Another datapoint: my computer is just as good at remembering strong passwords as it is at remembering weak ones, so I use strong ones almost everywhere. My weakest password is the one that opens my keychain, but that one never leaves my computers (at least, I trust it doesn't; that is probably the weakest part of my password management).
Yeah, clearly the message here is: hackers understand that passwords are mostly useless security features if you don't trust the site you're using them on. Better to make them easier to put in than use something high security and have it compromised. Using your bank password on, say, GitHub, is a bad idea.
I would like to see LastPass et al. add this to their interface: auto-detect max length, allowed characters, etc. It would be for user convenience, but they could even phone those characteristics home and start shaming services that employ poor practices.
They already do something like that. (Tools -> Security Check)
Same here: any account I don't care about has a password that can be easily typed using only my left hand. Everything else has a large randomized password that I don't even know.
Hackers who use a password manager use strong passwords for all sites. Why bother with weak passwords if strong passwords are the default?

(The main issue with using a password manager is that most sites don't support your strong passwords, i.e., you have entered a 50-character password but they still insist on a capital letter or a number …)
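The clash described in the last two comments (a manager-generated 50-character password that a site still rejects for lacking a capital letter or a digit) is what a policy-aware generator resolves: draw at the site's maximum length from its allowed characters with a CSPRNG, and keep only candidates that meet every required class. This is an added example, not code from the thread or from LastPass; `SitePolicy`, `satisfies`, `entropy_bits` and `generate` are hypothetical names, and the policy values are constructed.

```python
import math
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class SitePolicy:
    """Composition rules a site enforces on passwords (hypothetical shape, constructed here)."""
    max_length: int                       # the cap at which the site truncates or rejects
    min_length: int = 8
    allowed: str = string.ascii_letters + string.digits + string.punctuation
    required_classes: tuple = ()          # each entry: a string of characters, one of which must appear


def satisfies(password: str, policy: SitePolicy) -> bool:
    """True when the password fits the length bounds, uses only allowed characters,
    and contains at least one character from every required class."""
    if not policy.min_length <= len(password) <= policy.max_length:
        return False
    if any(ch not in policy.allowed for ch in password):
        return False
    return all(any(ch in cls for ch in password) for cls in policy.required_classes)


def entropy_bits(policy: SitePolicy) -> float:
    """Upper bound on the entropy of a uniformly random password at the site's max length."""
    return policy.max_length * math.log2(len(set(policy.allowed)))


def generate(policy: SitePolicy, attempts: int = 1000) -> str:
    """Generate a password at the site's maximum length using the OS CSPRNG.

    Rejection sampling keeps the result uniform over all compliant passwords: a
    candidate is drawn uniformly, then discarded unless it satisfies the policy.
    Patching a missing class in by hand afterwards would bias the distribution."""
    for _ in range(attempts):
        candidate = "".join(secrets.choice(policy.allowed) for _ in range(policy.max_length))
        if satisfies(candidate, policy):
            return candidate
    # Reached when a required class shares no characters with the allowed set,
    # or when the policy is so tight that random draws almost never comply.
    raise ValueError("policy cannot be satisfied from the allowed character set")


if __name__ == "__main__":
    sample_policy = SitePolicy(max_length=50,
                               required_classes=(string.ascii_uppercase, string.digits))
    print(generate(sample_policy), f"~{entropy_bits(sample_policy):.0f} bits")
```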