Strong disagree about password reuse: the average person has multiple dozens if not hundreds of accounts on various services. Even if none of them ever get hacked, you are still trusting thousands of engineers having access to production to not record the passwords that are sent to them with each login.
Just use a random password per service and keep it in a password manager.
> Again, if companies didn't treat password data carelessly
This is not a real solution. The real world is full of unreliable actors and Byzantine generals. Any solution that depends on a perfect environment isn’t one.
The problem is you don’t need to get one company to behave well. You need to get every company to behave well.
It’s almost like saying “we don’t need to spend money on a court system, if we just got everyone in the country to work out their disagreements amicably”. While… true, it doesn’t sound like a plausible solution to my ear.