by danibx 3989 days ago
I treat password strength relative to the importance I give the service I'm using. If it is something I care about I will use an 8-12 character password with a few uppercase letters and digits. If it is something I don't care about, but requires an account, "1234" should be enough.

I have even given up on registering on a few sites because they required a safe password. This is getting even more common to me with mobile apps. Typing long passwords on a small touch screen keyboard is difficult.

2 comments

Troy Hunt comments on this. If it's a non-important site that shares a password with another important site, that is an attack vector (I'm sure you aren't doing this but many users do). So if you stick to "all non-important sites get weak passwords", you'll probably be fine; you just have to make sure there is no attack vector to another site of more importance.

I.e., if one of them has the last 4 digits of your credit card, then they can call customer service at another more important site and get more information, building to a full-scale attack. It could happen in a similar way to what happened to Mat Honan: http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

However, that example leads to what the article is talking about. If it's a low probability then users figure the risk is worth it.

Lastpass and it seems to work well. Have it generate a strong 12 character password with uppercase, lowercase, special characters and numbers (depending on the restrictions of the application). Secure it with a strong master password and change the master password on a regular basis.

That said, if someone guesses your master password, then you are in trouble.

My SSN is not protected by my password! A hacker can steal my SSN by hacking the server database.

For accounts that are unimportant to you, it seems logical to learn one complex password that you use across all these sites. However, there is a danger that an account is actually more important than you suspect - perhaps it gives away a clue.

That's actually probably the worst thing you can do. Password reuse is a bigger problem in practice than password guessability.

I use password generation schemes. For example, you might decide to use the highest-grossing films of various years. You can then write down the site name and a year in a file and then be able to derive a password, and it gives you dozens of unique passwords that are still resistant to dictionary attacks. It also tends to satisfy sites that require at least one number, one upper-case, and one lower-case letter.
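The three practical points raised in this thread (generate a policy-compliant random password as the LastPass comment describes, derive a unique per-site password from one memorised secret plus a written-down non-secret label as the last comment describes, and detect the reuse the earlier comment warns about) can be demonstrated in one short script. This is an added example written for this page, not code from any commenter or from LastPass; the function names, the character-class policy, the PBKDF2 parameters and the sample vault are all assumptions chosen for illustration. It generalises the film-title scheme by replacing the memorable-but-guessable derivation with a key derivation function, so the written-down site label and counter can be public without leaking the password.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Character classes for the "upper, lower, digit, special" policy mentioned in the thread.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SPECIAL = "!@#$%^&*-_=+"          # assumed set; adjust to what a given site accepts
CLASSES = (LOWER, UPPER, DIGITS, SPECIAL)
ALPHABET = "".join(CLASSES)


def meets_policy(password: str, min_len: int = 12) -> bool:
    """True if the password is long enough and contains at least one char from every class."""
    return len(password) >= min_len and all(
        any(c in cls for c in password) for cls in CLASSES
    )


def generate_password(length: int = 12) -> str:
    """Random password from the OS CSPRNG with one char per class guaranteed, then shuffled."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character per class")
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)   # SystemRandom, not random.shuffle
    return "".join(chars)


def derive_site_password(master_secret: str, site: str, counter: int = 1, length: int = 16) -> str:
    """Deterministic per-site password: PBKDF2-HMAC-SHA256(master, site|counter).

    The site label and counter can be written down (as the film-title scheme writes
    down site and year); only the master secret must be memorised. Bumping the counter
    rotates one site's password without touching the others. Parameters are assumptions.
    """
    salt = f"{site.lower()}|{counter}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master_secret.encode(), salt, 200_000, dklen=64)
    # Map key bytes onto the alphabet (small modulo bias accepted for illustration).
    chars = [ALPHABET[b % len(ALPHABET)] for b in key[:length]]
    # Force one character from each class into the first positions, chosen by further key bytes.
    for i, cls in enumerate(CLASSES):
        chars[i] = cls[key[length + i] % len(cls)]
    # Deterministic Fisher-Yates shuffle driven by the remaining key bytes.
    offset = length + len(CLASSES)
    for j in range(length - 1, 0, -1):
        k = key[offset + (length - 1 - j)] % (j + 1)
        chars[j], chars[k] = chars[k], chars[j]
    return "".join(chars)


# Constructed sample vault: (site, password) pairs, as a password manager export might hold.
SAMPLE_VAULT = [
    ("bank.example", "Tr0ub4dor&3"),
    ("forum.example", "Tr0ub4dor&3"),
    ("shop.example", "Tr0ub4dor&3"),
    ("news.example", "1234"),
    ("mail.example", "x9!Qm2#Lp0$Wz"),
]


def find_reused(vault) -> list:
    """Group sites that share a password; returns sorted groups of size > 1.

    A low-value site in such a group exposes every other site in it, which is the
    attack vector the thread describes.
    """
    by_password = defaultdict(list)
    for site, password in vault:
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)


if __name__ == "__main__":
    print("random:", generate_password(12))
    print("derived:", derive_site_password("correct horse battery", "example.com"))
    print("reused across:", find_reused(SAMPLE_VAULT))
```

Running the script shows a fresh random password each time, the same derived password for "example.com" on every run, and the three sites in the constructed vault that share one credential; a different counter or master secret yields an unrelated derived password.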