Why your tiered password scheme is flawed, and what to do about it.

First, let me explain what I mean by “tiered password scheme”. Many perfectly smart people I know have one strong password they use for one or two online-banking-type sites. They’ll then have a “medium security” password they use on sites that are kind of important to them (maybe those sites have their credit card info stored), but not critical to day-to-day stuff. Then they’ll have one or two passwords they use on all the other sites like Twitter, Yahoo!, Facebook, GMail, etc. Obviously they’re being relatively careful about the important stuff, and that’s good, but the flaw in this system is in the perception of pain. People think “wow, it would massively suck if my bank account password got out, but it’s not such a big deal if my Twitter password gets compromised. I can always make another Twitter account.” Or they’ll say “Why would anyone care about hacking my account? There’s nothing special about it.” And while there’s nothing inaccurate about those thoughts, they’re also totally missing the point.
