I wonder how many LinkedIn users use the same passwords for all their accounts. The article talks about identity theft and "confidential contacts" but I think the real danger is that people tend to use the same password everywhere. It's their other accounts that might have real value.
EDIT - As I think about it, e-mail accounts would be especially valuable as most of your other sites could be compromised using the "recover my password via e-mail" feature if the hacker could read the resulting mail.
Me. Admittedly, it's stupid as hell, but has generally been too much of a pain to do anything else (for things outside of banking, email). I've started to get serious about KeePass lately, but I bet a significant percentage of users take the lazy approach.
Having to type in my Apple password on iOS once every few hours inevitably means I have to use something memorizable and quick to type. There are certain trade-offs with different passwords.
I've developed a system (kept only in my head) where every password I use is based on the name of the service. This means that with just one of my passwords, you're most likely not getting anywhere. With two, you have a bigger chance of figuring out the differences and thus the system, but it works fine for me at the moment.
Don't underestimate me. It contains many numbers extracted from the letters according to various rules (order in alphabet, backwards, etc.), along with special characters.
I take things a step further -- I have no idea what my password is on sites like HN or reddit. If the cookie is ever gone, my account is gone.
I don't like the idea of identity permanence.
Instead of shitty passwords though, why not use something like 1Password to store the logins? I use that (or an old-fashioned piece of paper in a secure location) for meaningful security tokens.
Ha. I'm in the same boat. This is my second account after the first one got ghost banned (for a single comment and the followups attempting to explain).
I generally use the same password for what I feel are non-critical sites like LinkedIn, Twitter and Facebook. Another password for testing new services/apps etc. As a rule, any site that may contain my credit card data or sensitive information I use a separate password. I feel this is the best compromise to having complex passwords for each account.
I used this in the past as well. But then started thinking about what non-critical is. As an "internet professional", even my Facebook account being compromised would have a negative impact on my image; on LinkedIn doubly so due to its professional character. So I basically decided that I'm not going to distinguish at all (sliding slope) and just have randomly generated passwords for all sites (not for my Mac though, too much hassle/attack vectors are different).
Safe >> Sorry
EDIT: Just checked, and my randomly generated password is in the leaked list of hashed passwords. I'm not using that same password anywhere else, so the source MUST be LinkedIn through whatever means (or it's some Mac/PC based attack vector, and these folks only leaked LinkedIn accounts, which sounds very implausible).