
This a thousand times!

When you think about security, you should have in mind who you are protecting against, and the same applies to passwords.

Security purists love to advocate that password reuse is evil, but who in the first place is going to be your attacker and for which purpose?

For example, in the context of money (online banking, paypal, ebay, etc.) I completely agree that password reuse is evil.

But when it comes to random websites, or simply to access my devices, does it really matter? The first time I saw the Chromebook my first impression was "do I really have to write my entire Gmail password EVERY TIME I want to access this thing???" With my Galaxy S5 I was like "Don't tell me how I should create a password to unlock you!!! If I want to use 0000 it's my problem!!!"

I personally like the approach of FastMail: different login methods (like using Google Authenticator to generate random one-time-use passwords, or the ability to create different plaintext passwords). You decide which login methods allow you to access your account, and which ones allow you to manage it.




> Security purists love to advocate that password reuse is evil, but who in the first place is going to be your attacker and for which purpose?

You don't know, that's why password reuse is evil.

Years ago when I made my Facebook account it used the same password as all my other accounts. Now that I use Facebook as an OpenID provider for pretty much any news site, I would be exposing myself and my friends to all sorts of attacks if someone hacked a phpBB forum that I frequented years ago. You could make the argument that only important sites should have unique passwords, but you, your grandmother, and I all have a different definition of important sites.


OpenID does not provide your password to each site that you use it on... It uses a token that only that site can use, for the permissions that were shown when you created the token. If someone did acquire that token, you could just change your Facebook password and the token would expire.


If my Facebook password and some old website's password are the same, my Facebook can be compromised. Then the attacker can run around on the net pretending to be me at any OpenID-accepting website.

OpenID isn't being attacked or at fault, it's non-unique passwords.
