Blame the user is a bankrupt strategy. Maybe you can deflect the blame, but it does nothing to keep the black hats at bay. In essence, you are admitting you are wrong. (Clearly passwords period are broken for use by non geeks, but that is another can of worms.)
It's not anyone's fault but yours if you reuse a password. But now the straw men will come out of the woodwork, declaring that password reuse is somehow a good thing.
All this shit started because someone who does not understand security thought it was horrible that a local program might store a password locally in plain text. There are a billion local programs that store passwords in a reversible way. Know why? Because sending a non-mac password is the same if it's hashed or not.
Blame whoever you want to blame, I don't care. But don't tell me Pandora is responsible for the total security of every moron on the internet, either.
> But don't tell me Pandora is responsible for the total security of every moron on the internet, either.
Real security needs to work, even without the education and cooperation of "every moron on the internet" or it isn't going to work. Implementing systems that don't work in the face of this is just failing, then pointing fingers.
