in reply to
Re^2: Status of Recent User Information Leak
in thread Status of Recent User Information Leak
each account somebody has should have its own independent password
This is an ideal. Personally I juggle about 10 different passwords in my head. A unique one for EVERY site that needs access? Impossible. A password manager? Not on every access point I use.
I was using a password on this site that I share with other non-critical systems, so there was no risk of any commercial system being accessed using the exposed password. However, I did have to go and change my generic password on the other websites on which I use it.
The problem with computer development is that it is a small part science and a large part art. A large part of it is managing risk. How much risk do you take using 1 password vs. convenience? How about 5 passwords vs. convenience? How about 250 (pretty inconvenient for me; I can't even name every bone in the body... might work for surgeons though...)?
Now trade the effort required to salt and store passwords. Hmm, about 3 minutes using the crypt() function. How much risk is alleviated doing this? More than enough to mandate it for any web project.
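The salt-and-store step mentioned above, written out as an added example (not code from the post or the site): a fresh random salt per password, SHA-512 crypt() via the "$6$" setting string, and verification by re-running crypt() with the stored string as the setting. It assumes a glibc-style crypt(3) that understands "$6$rounds=...$"; `hash_password` and `check_password` are hypothetical names.

```perl
use strict;
use warnings;

# Characters allowed in a crypt(3) salt string.
my @SALT_CHARS = ('A'..'Z', 'a'..'z', '0'..'9', '.', '/');

# Return a random 16-character salt. For real use, draw from a CSPRNG
# (e.g. Crypt::URandom) rather than rand(); rand() is used here only
# to keep the example dependency-free.
sub new_salt {
    return join '', map { $SALT_CHARS[int rand @SALT_CHARS] } 1 .. 16;
}

# Hash a password for storage. The "$6$" prefix selects SHA-512 crypt
# (assumes a glibc-style crypt(3); libcs without it fall back to DES and
# silently truncate to 8 characters, so the output prefix is checked).
sub hash_password {
    my ($plaintext) = @_;
    my $setting = '$6$rounds=100000$' . new_salt() . '$';
    my $stored  = crypt($plaintext, $setting);
    die "crypt() does not support SHA-512 on this platform\n"
        unless defined $stored && $stored =~ /^\$6\$/;
    return $stored;   # salt and rounds travel inside this string
}

# Verify: re-run crypt() with the stored string as the setting; it
# reuses the embedded salt and rounds, so the result must match exactly.
sub check_password {
    my ($plaintext, $stored) = @_;
    my $candidate = crypt($plaintext, $stored);
    return defined $candidate && $candidate eq $stored;
}

# Constructed demo: the same password hashed twice yields two different
# stored strings because each gets a fresh salt, yet both verify.
my $pw = 'correct horse battery staple';   # constructed sample value
my ($h1, $h2) = (hash_password($pw), hash_password($pw));
print "stored 1: $h1\n", "stored 2: $h2\n";
print "different salts: ", ($h1 ne $h2 ? 'yes' : 'no'), "\n";
print "verify ok:   ", (check_password($pw, $h1) ? 'yes' : 'no'), "\n";
print "wrong pw ok: ", (check_password('Tr0ub4dor&3', $h1) ? 'yes' : 'no'), "\n";
```

Because every stored string carries its own salt, two users with the same password produce unrelated hashes, and a leaked table cannot be attacked with one precomputed lookup. The plain `eq` comparison is not constant-time; a production check should use a constant-time compare.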