As another datapoint, I have a weak password for sites that I wouldn't care at all if they were compromised. For everything remotely important I use a separate random password at the max length allowed.
Another datapoint: my computer is just as good at remembering strong passwords as it is at remembering weak ones, so I use strong ones almost everywhere. My weakest password is the one that opens my keychain, but that one never leaves my computers (at least, I trust it doesn't. That probably is the weakest part of my password management).
Yeah, clearly the message here is: hackers understand that passwords are mostly useless security features if you don't trust the site you're using them on. Better to make them easier to put in than use something high security and have it compromised. Using your bank password on, say, GitHub, is a bad idea.
I would like to see LastPass et al. add this to their interface: auto-detect max length, allowed characters, etc. It would be for user convenience, but they could even phone those characteristics home and start shaming services that employ poor practices.
Same here - Any account I don't care about has a password that can be easily typed using only my left hand. Everything else has a large randomized password that I don't even know.