I, like many others, got a nice message from Twitter telling me that they stored everyone's passwords unencrypted in a logfile. Is it only me that finds it astonishing that this was even possible in today's security-conscious climate? Even with the passwords on this BBS, there is no way for admin to ever find out what they are - all we can do is reset them. The actual message was pure spin about security, how seriously they take it, how important it is to have secure passwords, etc., glossing over the fact that they had them all stored in plain text. It's hard to believe.
As long as people use a long, complex password they should be OK. I, for example, use $m1tH+%1941_&&P1n=237@@R0v3r. This may seem complex, but I can recall it purely because I use it for everything. I also cleverly make disguised use of my mum's maiden name, card PIN and first pet, as these are also commonly required phrases, thus I remember everything in one simple (to me) password. As someone once said, hope this helps.
It's easier just to get a password manager like Enpass, ask it to generate a password and then store it within the app. You need a fingerprint or master password to open the app. Worth the few quid it costs.
The answer to this is "it depends". For sites like the BBS and others which do not contain any personal data, it doesn't really matter - the very worst thing that can happen is a bit of reputational damage and you might have to reset your passwords or create new accounts. However, using that same password for banking or eCommerce sites is asking for trouble. I currently use 1-2 simple passwords for forums and other similar online sites, and different, more complex passwords for anything that could potentially lose me money.