Let's not forget that half the problem isn't reuse of passwords, it's reuse of user IDs. That's because so many sites want an email address as an ID - and perhaps reinforce that by sending an email to confirm and most people only have one email address. It doesn't matter so much if your password's Pa$$word when you user ID's UsSnkbi32tGdxTFP or '@"p3a@}%3e%Ngud