This is much better advice than the "3 categories of password" the GP mentioned. Actually, 3 categories plus derivation is good ;-)
The other day I was glad of that. I bought a game, was asked to create an account, typed in a password at the site; then received a confirmation email with the password in plain text - which probably means they are stored in plain text, not to mention left lying around in mail archives. Just a matter of time until one of those sites gets hacked and their DBs circulated.
(P.S. I did write them a polite note suggesting not doing it, and they seem to at least have stopped sending passwords in email; I don't have much hope about their storing hashes. Probably plenty of others less blatant but just as insecure ...)