This is one of those things that drives me somewhat crazy. I've slowly gotten my wife away from the habit, and I've been trying to instill this in my kids. Using passwords across sites, even non-secure ones, is a bad idea.

Last week Yahoo was hacked, with thousands of accounts being compromised. However the attack is having a ripple effect, with the same users having the same passwords on other sites run by Google, Hotmail, Live, Verizon, and other companies. If you have an account on Yahoo, make sure that you have changed passwords on other sites. And please don't use the same password again.

Password security is a hot button, and I've written about it before, with some great comments in the discussions. It's not just on web applications, but also applications within your company. I'd be concerned that system administrators might use the same password (or variation of it) on their secure account that the might use on the GMail account. The problem with this is that if GMail is hacked, it's entirely possible that your internal systems might be compromised.

Do yourself a favor, and others, and preach the benefits of using a password tool of some sort. Password Safe and KeePass seem to be the most popular, with ports across many platforms. They're easy to use, and while they might not be perfectly secure, they are more secure than you using the same password, or easy to crack passwords, on various systems.

Steve Jones