Reply to post:

We've, um, changed our password policy, says CafePress amid reports of 23m pwned accounts

Doctor Syntax Silver badge

"I wonder, if we shouldn't be using unique usernames and passwords for each site."

He's an expert and he's only wondering? What will it take to make him sure?

Of course we should. We all used to until sites decided to use email addresses as user IDs. And it's even worse when some sites - looking at you PayPal - hand out the email address to other parties and can't even see what's wrong with that when it's draw to their attention. Given that most folk only have one email address anyway the password is the only meaningful credential. No wonder people wiitter on about 2FA. With any reasonable policy about user IDs it would be 3FA.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020