Exactly the problems I run into... My life doesn't depend on the $1200 here or there I risk losing and/or having to jump through hoops to recover (as this guy did).
Indeed. The guy in the article should just do a simple 8-character password with at least one capital, number and special. That combo comes out to something like 10^400 possibilities or some crazy thing. Not a password that will be broken in three tries before the host site locks you out. Ug!
Sorry, no. New passwords every 6 months undermine the association that may make a unique password for every site reasonable... In practice it normalizes passwords between sites. But the normalization of passwords is problematic... reusing the same patterns, using readily available info (birthdays, partial SSNs, etc.). But it's impossible to do this uniquely for each password... at best you can hold one password paramount (and thus undermine the rest). We know from experience that the vast majority of people can maintain the phone numbers of many people... a point forgotten with the advent of the very same technology that supposedly simplifies communication... but when that changes every X months, on every site I go to, the effect is to undermine passwords. The problem is that password "security" occurs in a vacuum where only that password exists (and on no other site), and it's obvious that both remembering and not recording are ignored... and that changing passwords every X months compounds the problem...