
Accounts aren't all created equal. Some of my accounts, such as my domain account at work and my online banking account, have real power to screw me over. Some are in the middle, like my LinkedIn account or my Gmail account, since they could be used for social engineering. Some are trivial, like my Fark account or my Hacker News account. In that last tier, there's no way it's worth my time to keep rotating those on a regular basis. It wouldn't even be that much of a crime to use the same password on them, since there's virtually no way someone's going to pivot from a Fark account into my bank account. So quit being so dogmatic is what I'm saying.



"Some are in the middle, like my LinkedIn account, or my gmail account"

Your email account is the golden key to all other accounts that send "forgot password" links to it.


I don't use it myself but I would think that you wouldn't want your "professional" social network account to fall in the wrong hands either.


You rightly put "professional" in quotes. For tech people, LinkedIn is just a way to sign up for recruiter courting.


You don't, and it can be embarrassing. I've seen it happen with a colleague.

But what happened was embarrassment, not their life savings being wiped out.


Which is why I protect it. But not as hard as my bank account and not as soft as my Fark account. Hence, "middle".


I would recommend lofting your email authentication into the same protection category as your bank account:

a) There is a nonzero probability that your bank can be socially engineered using information obtained from compromising your email account and anything that trusts it.

b) An email account compromise implicitly means every service that resets/recovers through it has to be rekeyed. The subsequent cleaning of the stables can be messy, lengthy, and itself somewhat risky.

In particular, if you haven't already, enable MFA. If your email provider does not support MFA, change your provider.


> It wouldn't be even that much of a crime to use the same password on them, since there's virtually no way someone's going to pivot from a Fark account into my bank account. So quit being so dogmatic is what I'm saying.

This is 2016; we have password managers. Using different passwords for each site shouldn't be any more difficult than not doing so. Even using the built-in ones in your browser of choice is better than not using one at all, and it makes using site-specific passwords easy. Chrome even has a built-in password generator for you. I assume this is using your operating system's CSPRNG (or BoringSSL's?), although I'm not 100% sure about that.
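The comment above argues that per-site random passwords drawn from the operating system's CSPRNG are cheap to produce. As an added illustration (not code from any commenter, and not how Chrome's generator is implemented), the following Python script does what a password manager's generator does: it draws each character with `secrets`, which is backed by `os.urandom`, computes the entropy of the result, and builds a small site-to-password vault that is checked for reuse. The site names are constructed for the example.

```python
import math
import secrets
import string

# Printable ASCII without the space character: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length, alphabet_size):
    """Entropy in bits of a password of `length` characters drawn uniformly
    and independently from an alphabet of `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def generate_password(length=20, alphabet=ALPHABET):
    """Generate a password using the OS CSPRNG via the secrets module.

    Each character is chosen with secrets.choice, so the draw is uniform and
    unpredictable, unlike the non-cryptographic `random` module. Generated
    passwords are rejected until they contain at least one character from every
    class present in the alphabet (lower, upper, digit, punctuation), which is
    what most sites require; rejection sampling keeps the accepted passwords
    uniformly distributed over the set of passwords meeting that rule.
    """
    if length < 4:
        raise ValueError("length must be at least 4 to cover all character classes")

    class_tests = [
        str.islower,
        str.isupper,
        str.isdigit,
        lambda c: c in string.punctuation,
    ]
    # Only require the classes that the alphabet can actually produce, so a
    # digits-only alphabet (e.g. for a PIN) does not loop forever.
    required = [t for t in class_tests if any(t(c) for c in alphabet)]

    while True:
        password = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(t(c) for c in password) for t in required):
            return password


def build_vault(sites, length=20):
    """Return a mapping site -> freshly generated password, one secret per
    site, which is exactly what a password manager stores for you."""
    return {site: generate_password(length) for site in sites}


def has_reuse(vault):
    """True if any password in the vault is shared between two sites."""
    return len(set(vault.values())) != len(vault)


if __name__ == "__main__":
    # Constructed sample sites spanning the tiers discussed in the thread.
    sites = ["bank.example", "mail.example", "linkedin.example", "fark.example"]
    vault = build_vault(sites)
    for site, password in vault.items():
        print(f"{site:20s} {password}")
    print(f"entropy per password: {entropy_bits(20, len(ALPHABET)):.1f} bits")
    print("password reuse detected:", has_reuse(vault))
```

A 20-character password over this 94-symbol alphabet carries about 131 bits of entropy, far beyond what offline guessing can cover, and because each site gets its own draw, a breach of the low-value site leaks nothing usable against the high-value one.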



