Look at the LavaBit story and YaHoo (links to follow) and you discover that at least in the USA if you had airtight security, you will have visits from the same folk in no time. It's a shame that our government is not about to allow us to be secure on the web.
1. LavaBit -> http://en.wikipedia.org/wiki/Lavabit
2. YaHoo -> http://www.theguardian.com/world/2014/sep/11/yahoo-nsa-lawsuit-documents-fine-user-data-refusal
There's more but our government is to blame for most of the insecurity.
Bob
The PWD discussion is great; lots of ideas on how to keep YOUR PWDs safe from penetration of YOUR computer. But.... what about the terrible lack of security at the web sites you browse and if they (the Company owning the website) is hacked then your information they have stored is stolen? That information may NOT be encrypted so for your access to THAT company you are compromised. We are told to change our PWDs if a company like TARGET gets hacked. Unless your PWD is unique (i.e. not used in any other site) then you are only vunerable to the one site (e.g.TARGET). However if you have used the same PWD at other sites, you are doomed to change ALL your PWDs to be safe. Uniqueness is key here, I Think.
My questions:
1) By having EVERY PWD unique, you can change just that PWD and not any of the others. Seems to be a mandantory procedure for all.
2) Password Managers ONLY protect someone from penetrating your system and get the prize of all your PWDs. But WHO is looking at a single user's system for such penetration? Seems that Password Managers are protecting a lot of data that no hacker wants anyway.
Am I correct in how sites such as TARGET, et al save your ID & PWD to check if you are authorized? Boy, if THAT data is not protected except by that Company's expertise in handling sensitive data... then THAT is where our biggest exposure lies, is it not?
Jim B

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic