Yes, every site should be. The average user shares their niche acquarium site login username/password with their gmail login and bank and everything else.
In the physical universe we occupy a given user's most security-sensitive site is exactly as vulnerable as their least security-conscious site. It behooves us as professionals to take that fact seriously.
>Yes, every site should be. The average user shares their niche acquarium site login username/password with their gmail login and bank and everything else.
So what? Not every site has a login, or stores details about users. What about sites that are purely informational? If a site doesn't have passwords, why are you worried about users re-using passwords?
In the physical universe we occupy a given user's most security-sensitive site is exactly as vulnerable as their least security-conscious site. It behooves us as professionals to take that fact seriously.