As if you needed another reason to not use the same password across sites


Doublej

  • Full Member
  • Posts: 2688
Firefox 52 now shows you when you are sending your user name and password to a site in a manner which makes it easier for the bad guys to obtain it. Right now 70%-80% of the sites I log into are indicating the site has this issue including AC.

https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861


WGH

Thanks, now I can use that as an excuse whenever I make another snide, unhelpful post on AC.

I have a long, impossible to remember random password for every site I visit. The only password I have to remember is the one to open the free KeePass app.
http://keepass.info/

FullRangeMan

  • Volunteer
  • Posts: 19926
  • To whom more was given more will be required.
    • Never go to a psychiatrist, adopt a stray cat or dog. On the street they live only two years on average.
What Firefox is showing has always existed and will be difficult to protect against, since these guys monitor the entire set of links from the traffic, not to mention the gov.
Obviously there is no person doing it; it's all done by specific hardware, and various software reads the huge data files.
There are even free tools on the web.

Doublej

> What Firefox is showing has always existed and will be difficult to protect against, since these guys monitor the entire set of links from the traffic, not to mention the gov.
> Obviously there is no person doing it; it's all done by specific hardware, and various software reads the huge data files.
> There are even free tools on the web.

True, my point is that now the lay person knows which of the sites they go to have insecure logins. There seem to be a lot of them in my world.

FullRangeMan

Given the current situation, you need to change your password every month, especially Gmail.

JerryM

  • Full Member
  • Posts: 4709
  • Where's The Bar?
> Thanks, now I can use that as an excuse whenever I make another snide, unhelpful post on AC.
>
> I have a long, impossible to remember random password for every site I visit. The only password I have to remember is the one to open the free KeePass app.
> http://keepass.info/

Very cool, Wayne. Thanks!  :thumb:

undertowogt1

> Very cool, Wayne. Thanks!  :thumb:

I use KeePass as well; it works great.

dB Cooper

How secure does the password for a BB site need to be? Not very - as long as you don't (as most people unfortunately do) use the same PW over and over and over on different websites. That's why these types of sites get hacked - not because somebody is going to post an opinion here that I don't agree with and represent it as dB Cooper's opinion - it's because they know that statistically, I'm likely to use the same PW here as on my banking website (but I don't). So I use the same PW on most BB sites, but if any sites store sensitive info (credit card numbers for example), those sites get a strong password. This helps cut down on password glut, but I still have too many. If you follow the often-heard advice to use a distinct PW for each and every site, you'll soon have 350 passwords and you'll never be able to remember them without an app. I use 1Password btw, available in Win, Mac, iOS and (IIRC) Android versions.

Johnny2Bad

I use the same password across perhaps 75 sites. I do not care if some hacker discovers any of them.

I don't use easy passwords for sites that actually matter, though. Facebook, PayPal, my Bank, any site that stores my CC information all get long, unique passwords, and use unique eMail addresses as well. For example PayPal uses one eMail address exclusively; no other site has that address. And so on.

As a Mac user since 1990, I have long had an eMail account with Apple. They allow you to create five aliases, that is unique eMail addresses linked to the one account. Since all .mac .me and .icloud addresses also resolve to the same account (eg happy@.mac, happy@.me and happy@.icloud), you have 15 unique addresses to choose from. Want more? Create another iCloud account, and get 15 more. And then there's Gmail, or whomever else you choose to use.

There is no reason why anyone cannot use unique addresses to help identify who, exactly, leaked one if you start getting spammed. For example Gmail ignores everything after a period ... happy.guy@gmail.com will be sent to the same account as happy@gmail.com. You can create as many unique addresses as you want with that technique ... even happy.audiocircle@gmail.com would work.

But website forums? Go ahead, post as me. I've been online for almost 23 years, and I get about 10 spam messages a year. I know for a fact that they all are due to Chinese vendors on eBay with unsecured, probably pirated versions of XP as their main OS, because they come addressed to an account that is only used for such transactions.

Not a big issue, I don't even have any active spam filters. Don't need them.

I don't trust 3rd party Password Managers (I've been around computers long enough to have been victimized by software developers who abruptly abandon their products *) and my web apps have nothing configured for auto-inserting anything. I simply remember the passwords I need to use. It's not difficult if there are only a half dozen that matter.

My typical secure password is 16 characters & uppercase / lowercase & letters / numerals / punctuation. I should probably add some more characters to them, now that I think about it. My ordinary forum password is similar but without punctuation and only 15 characters. It's often not worth the effort to make your forum password more secure, as a lot of forum software won't actually accept a truly secure password. Some won't accept one more than 8 characters long. I have one account at a bank that won't accept punctuation characters. What are you supposed to do?

I dump all cookies, including Adobe Flash Cookies, about once a week. I then will have to log in again at all the sites I visit.

* I make it a point to stop using any software from a vendor that abandons products. Just today I had to quit using Canvas because ACDSystems won't support my antiquated version, not even to allow upgrade pricing; only versions from 2016 or 2017 are supported or eligible. A product I've been using for 15 years, but that ends today. They aren't the only game in town. See ya.