
However, you seem to be totally missing the point made in the previous post, namely that people are, on the whole, pretty dumb.

The whole discussion revolves around a fundamental principle that is simply broken to begin with, akin to "How to try not to die when you eat rotting meat".

Don't eat rotting meat. Use a fridge. Etc.

In the case of passwords:

- Use a shared authentication platform
- or on sign-up implore that your users do not use a shared password. Education
- or offer, or force, a generated password

But instead we'll discuss the risk that shared passwords get lost, when they were in the wild the moment you used them on a second site.


This is a disingenuous analogy - the reason people keep eating rotting meat is because there isn't a usable alternative for the vast majority. Fridges are unknown, to hopelessly overload the metaphor, to the masses and those that are aware of them are reluctant to shell out for the cost.

The problem needs to be solved at a more fundamental level - people should not have to be forced to perform a function that they are demonstrably bad at. Mitigation strategies like having randomised passwords and storing them in a shared authentication platform are only masking the reality that passwords are a bad way of performing authentication.

Not that I'm clever enough to come up with an alternative mind you, and not to suggest that I don't agree with your premise that using a password in multiple places is a bad idea.


I love this analogy. But, to continue it a little further, the article and discussion are about "preventing meat from rotting during transportation," and you seem to be saying, "screw it, the customer should know not to buy the meat if it's gone bad." Going even further: most countries have consumer protection laws that prevent things like selling rotting meat.


> and you seem to be saying

If you have given an untrusted third party site the credentials that you use on other sites, that meat is completely fetid. It is now deadly.

This whole discussion is arguing about what to do once the meat is rotten, rather than daring to maybe discuss not selling rotten meat in the first place.

When a site gets compromised and the passwords may get stolen (because of weak or no cryptography), the site should send out password reset emails en masse, and that should be the end of the whole issue. Instead it's moralizing about how they put everyone at risk because of other sites where the same credentials work. No, the user put themselves 100% at risk. But it is never discussed that way, and instead we continue this ignorance train.

As an aside, I marvel that some defensive imbecile keeps coming deep into this thread to downvote me.
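The comment above argues that a site should store passwords with real cryptography and, on compromise, invalidate everything and push a reset to every user. The following is an added example of what that looks like in code; it is not code from this thread or from any site discussed here. It uses only the Python standard library, keeps a constructed in-memory user table rather than a database, and the reset-link lifetime (`RESET_TTL`) and PBKDF2 iteration count are assumptions chosen for the example, not values from the thread. It also includes the generated-password offer mentioned earlier in the thread.

```python
"""Password storage and breach response, as an added example.

Assumptions (not from the thread): PBKDF2-HMAC-SHA256 with 600k iterations
as the slow hash, a one-hour reset-link lifetime, and an in-memory table
standing in for the real user store.
"""
import hashlib
import hmac
import os
import secrets
import string
import time

# Constructed in-memory stores; a real site would use its database.
USERS = {}          # username -> {"salt": bytes, "hash": bytes, "must_reset": bool}
RESET_TOKENS = {}   # sha256(token) -> {"user": str, "expires": float}

RESET_TTL = 3600            # assumed reset-link validity, seconds
PBKDF2_ITERATIONS = 600_000  # assumed work factor


def generate_password(length=16):
    """Offer the user a random password so they have no reason to reuse one."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def _slow_hash(password, salt):
    # Per-user salt plus a slow KDF: a leaked table cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def register(username, password):
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": _slow_hash(password, salt), "must_reset": False}


def verify(username, password):
    """Login check; accounts flagged for reset never authenticate by password."""
    rec = USERS.get(username)
    if rec is None or rec["must_reset"]:
        return False
    return hmac.compare_digest(_slow_hash(password, rec["salt"]), rec["hash"])


def force_reset_all(now=None):
    """Breach response: drop every stored hash, lock every account, and mint a
    single-use reset token per user. Returns {username: token}; the token is
    what goes into the reset email, only its hash is stored server-side."""
    now = time.time() if now is None else now
    issued = {}
    for username, rec in USERS.items():
        rec["must_reset"] = True
        rec["hash"] = b""  # old hash is gone, so nothing stolen is still valid
        token = secrets.token_urlsafe(32)
        RESET_TOKENS[hashlib.sha256(token.encode()).digest()] = {
            "user": username, "expires": now + RESET_TTL}
        issued[username] = token
    return issued


def redeem_reset(token, new_password, now=None):
    """Consume a reset token (once, before expiry) and set a fresh password."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).digest(), None)
    if entry is None or entry["expires"] < now:
        return False
    register(entry["user"], new_password)  # new salt, new hash, flag cleared
    return True
```

The point the comment makes is visible in `force_reset_all`: once the hashes are wiped and every account is gated on a fresh token, whatever was stolen from this site is useless here, and the residual risk lives only on the other sites where the user reused the same password.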


> As an aside, I marvel that some defensive imbecile keeps coming deep into this thread to downvote me.

Comments like this are the "rotting meat" of Hacker News. Please just leave them out of your posts.


Ignorance and the defense of the same is the rotting meat of Hacker News. This whole discussion is absolutely rife with it.

