

I’m done changing my passwords - jruckman
https://medium.com/privacy-security-policy/cc7c13b6639a
Screw it
======
pfranz
"Make me choose a new password next time I login. Quick and easy."

If your l/p was leaked, that means it could be changed by someone malicious
first (especially if it's a service you don't log into regularly). Email w/ a
token in the URL sounds like a safer option to me--I understand he doesn't
care about these accounts.

I do wonder why there isn't more onus (legally) on the website for dealing
with more of this. Especially with Heartbleed, there were a lot of third-party
tools to find out if a website you use was affected, but only a handful of
websites actually alerted users and suggested they change their password.

I also agree that many people overvalue a lot of these online accounts.

