

What Will It Take to Make People Stop Using '12345' and 'Password' as Passwords? - SunTzu55
http://news.dice.com/2015/01/21/the-most-popular-bad-passwords-of-2014/

======
onion2k
You'll never stop people doing that. People like systems that are easy, and
refuse to use systems that are difficult. 2 factor auth is a good compromise -
it's secure, and you can save the second authentication factor until the user
tries to do something important - e.g. Amazon lets you view your previous
transactions with just a cookie, but if you want to add a new address you need
to reenter your password. Or online banking that frequently lets you log in
with just a password but requires a securekey authentication to add a new
payment recipient.

Also, systems ought to mitigate the harm from a compromised account as easily
as possible too. I should be able to roll back updates to my account, delete
content posted from my account, and so on, _very_ easily. Tricky to do in
massively distributed databases like Twitter or Facebook but definitely
possible.
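
The step-up pattern described in the comment above, sketched as an added example that is not part of the original thread or any named site's code: low-risk actions pass on a session cookie, while sensitive ones require a recent password or second-factor proof. The level names, action names and freshness windows are assumptions chosen for illustration, and a higher level is assumed to satisfy a lower one.

```python
import time
from dataclasses import dataclass, field

# Assurance levels, lowest to highest (names are assumptions for this sketch).
COOKIE, PASSWORD, SECOND_FACTOR = 1, 2, 3

# Constructed policy: action -> (minimum level, max age in seconds of that proof).
# A max age of None means the proof stays valid for the life of the session.
POLICY = {
    "view_orders": (COOKIE, None),
    "add_address": (PASSWORD, 300),
    "add_payee": (SECOND_FACTOR, 120),
}


@dataclass
class Session:
    user: str
    # level -> timestamp at which the user last proved that factor
    proofs: dict = field(default_factory=dict)

    def record(self, level, now=None):
        """Store the time at which the user successfully proved `level`."""
        self.proofs[level] = time.time() if now is None else now


def required_step_up(session, action, now=None):
    """Return None if the action may proceed, else the level to (re)prove."""
    now = time.time() if now is None else now
    if action not in POLICY:
        # Fail closed: an action with no policy entry is never allowed.
        raise PermissionError(f"no policy for action {action!r}")
    level, max_age = POLICY[action]
    # A fresh proof at the required level or higher satisfies the policy.
    for proved, when in session.proofs.items():
        if proved >= level and (max_age is None or now - when <= max_age):
            return None
    return level
```

The caller prompts for whatever level `required_step_up` returns, calls `record` only after that factor has been verified, and then retries the action.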

