
I fell victim to that once, when I hadn't "upgraded" the re-used throwaway password I'd used to register to see what some random website was. When my throwaway password got exposed (in cleartext, facepalm!) by PerlMonks, within a day or so someone had used it to send Acai Berry spam through my Twitter account (which I'd completely forgotten was still using a shared/throwaway password, even though it had turned from "some random new website I was curious about" into "somewhere where I actually care about my online reputation").

Just don't re-use passwords _anywhere_ - choose a password generation/storage solution that works across all your devices, and use it to generate unique strong passwords for everything. (1Password + Dropbox works great for me across my Mac OS X, iOS, Android, and Windows devices - I occasionally would like it on Linux too, but rarely enough that I'm satisfied to use my phone and re-type passwords in Linux.)



If Linux support is more important, LastPass works very nicely. Although using it on mobile devices is a 'premium' feature, at $1 per month.


Interesting. It is certainly needed to "upgrade" passwords sometimes.

My beef with 1PW is that it's a single point of failure, not to mention the inconvenience/risks. For example, what if I need to check Gmail on a trusted but borrowed device?

The main issue, I think, is that using only one password for security is insufficient (but that doesn't necessarily mean going for 2-factor auth).


On the "inconvenience/risks" point - yeah, security is pretty much always a trade-off between convenience and risk. I've already chosen two-factor auth for Gmail (and Amazon and Dropbox, and I'll add any other important service I can to that list when available), so I pretty much need access to one of my two phones or my iPad to run the TOTP token generator - and if I have any of those devices there's clearly no need for me to trust a borrowed device.

(Though in the complete disaster scenario, I have stored in my wallet, as suggested by Bruce Schneier, the app-password my phones use and the list of backup verification codes - unlabelled, so a casual thief _probably_ won't know what to do with them... I've also got irregular exports of everything and the 1Password passphrase and phone PIN printed out and stored in an envelope in the office safe. I _think_ I'm sufficiently paranoid about all that...)
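The TOTP generator and the single-use backup codes the comment above relies on are both small, standardised mechanisms, so here is an added, self-contained illustration (not code from the thread, from 1Password, or from any of the services named): an RFC 4226 HOTP / RFC 6238 TOTP implementation checked against the RFC's published SHA-1 test vectors, a verifier that tolerates one step of clock drift and compares in constant time, plus a constructed scheme for generating, storing (hashed) and consuming one-shot backup codes. The 20-byte key below is the RFC's reference key, not a real enrolment secret; the backup-code format and the `window` value are assumptions for the example.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import List, Optional, Set

# Constructed test secret: the RFC 4226 / RFC 6238 reference key (ASCII "12345678901234567890").
# A real authenticator enrolment would use a fresh random key, e.g. secrets.token_bytes(20).
RFC6238_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # low nibble of last byte picks the window
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)  # keep leading zeros


def totp(key: bytes, for_time: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    if for_time is None:
        for_time = int(time.time())
    return hotp(key, for_time // step, digits)


def verify_totp(key: bytes, submitted: str, for_time: Optional[int] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbouring steps (phone clock drift).
    hmac.compare_digest keeps the comparison constant-time so timing does not leak digits."""
    if for_time is None:
        for_time = int(time.time())
    counter = for_time // step
    return any(hmac.compare_digest(hotp(key, counter + d, digits), submitted)
               for d in range(-window, window + 1))


def provisioning_secret(key: bytes) -> str:
    """Base32 form of the key, the shape pasted into an authenticator app or put in an otpauth:// URI."""
    return base64.b32encode(key).decode("ascii").rstrip("=")


def make_backup_codes(n: int = 10, nbytes: int = 5) -> List[str]:
    """Independent single-use recovery codes (assumed format: 10 hex chars each)."""
    return [secrets.token_hex(nbytes) for _ in range(n)]


def hash_backup_code(code: str) -> str:
    """Server stores only the hash, so a database leak does not hand out usable codes."""
    return hashlib.sha256(code.strip().lower().encode("ascii")).hexdigest()


def redeem_backup_code(stored_hashes: Set[str], submitted: str) -> bool:
    """Consume a backup code: constant-time match against the stored hashes, then remove it."""
    h = hash_backup_code(submitted)
    for stored in list(stored_hashes):
        if hmac.compare_digest(stored, h):
            stored_hashes.remove(stored)   # single use: a replayed code must fail
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 Appendix B vectors (SHA-1, 8 digits) for the reference key above.
    for t, expected in [(59, "94287082"), (1111111109, "07081804"), (1234567890, "89005924")]:
        assert totp(RFC6238_KEY, t, digits=8) == expected
    print("current 6-digit code:", totp(RFC6238_KEY))
    print("authenticator secret :", provisioning_secret(RFC6238_KEY))
```

The verifier's window is the knob behind the "I need one of my devices" point: a wider window is friendlier to a drifting phone clock but gives an attacker more valid codes per attempt, so it should be paired with rate limiting. Backup codes are deliberately independent of the TOTP key, which is why printing them and keeping them somewhere physical (the wallet in the comment above) recovers the account even if every enrolled device is lost.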


I don't see it as a "single point of failure", at least not when you're using Dropbox syncing - I've got versions of Dropbox running on two phones, an iPad, two laptops, my iMac, and my home theatre box. I've also got a copy of the data available from Dropbox's servers if I ever need it. (And there is a risk of corruption of the synced-everywhere data file propagating to all those places before it's noticed, but 4 of those copies are backed up with Time Machine (in two different physical locations), and Dropbox stores archived versions for me as well.)


FYI, I've learned a little trick that 1Password doesn't seem to share widely. Go into your Dropbox, and in the 1Password.agilekeychain folder there is a file named 1Password.html. It's a read-only instance of your 1Password keychain usable in anything with a browser.


I think twitter nowadays is far from being an unimportant account.


Yeah, for sure - like I said, it's somewhere where I care about my reputation now. Back in '08 or '09 when the Perl Monks password got exposed, not so much (at least not for me...)



