A chain is no stronger than its weakest link.
Simple rules have been trumpeted a lot: “don’t reuse passwords” and “create strong, unique passwords”. PR and public education efforts fall on deaf ears. It’s human nature. People are more likely to know how to beat IT password policies so they can keep their lame, reused password than how to find and use a good password manager.
With a string of high-profile sites being hacked, this kills me. Basically, it doesn’t matter how secure my password is; it only matters how many people have used terrible passwords. These weaker passwords allow hackers to reverse-engineer the site’s hashing scheme and break everyone else’s encrypted passwords. So the big question is:
How do we make security better, when people will always fight to use the easiest and predictable passwords allowed?
Unfortunately I don’t have the answer; I’m just stating what I think is the real challenge. Public awareness and PR efforts will only ever do so much. There are still too many people who think “I just want this to be easy, no one wants my information.” We need to find a way for everyone to know “My lame password just stole everyone’s information!”
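To make the cross-user effect described above concrete, here is an added example (not from the original post) with constructed users, passwords and a stand-in list of common passwords: when a site stores fast, unsalted hashes, every account sharing a weak password collapses onto one stored value, so a handful of common guesses exposes all of them at once, while a strong unique password is unaffected and per-user salts with a slow KDF remove the shared-hash shortcut entirely.

```python
import hashlib
import os

# Constructed sample (hypothetical users and passwords): a credential table
# leaked from a site that stored fast, unsalted SHA-1 hashes.
USERS = {
    "alice": "password123",
    "bob": "letmein",
    "carol": "password123",
    "dave": "Xq7!vR2#mP9z",  # strong and unique
    "erin": "letmein",
}
# Constructed stand-in for a list of the most common leaked passwords.
COMMON = ["123456", "password", "password123", "letmein", "qwerty"]

def unsalted_sha1(pw: str) -> str:
    return hashlib.sha1(pw.encode()).hexdigest()

def salted_kdf(pw: str, salt: bytes) -> str:
    # Per-user salt plus a deliberately slow KDF (iterations kept low for the demo).
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 50_000).hex()

def unsalted_dump() -> dict[str, str]:
    return {u: unsalted_sha1(p) for u, p in USERS.items()}

def salted_dump() -> dict[str, tuple[bytes, str]]:
    out = {}
    for u, p in USERS.items():
        salt = os.urandom(16)
        out[u] = (salt, salted_kdf(p, salt))
    return out

def shared_hash_groups(hashes: dict[str, str]) -> list[list[str]]:
    """Accounts with identical stored hashes: recovering one password in a
    group exposes every account in it. Only possible without per-user salts."""
    groups: dict[str, list[str]] = {}
    for user, h in hashes.items():
        groups.setdefault(h, []).append(user)
    return sorted(g for g in groups.values() if len(g) > 1)

def exposed_by_common_passwords(hashes: dict[str, str]) -> dict[str, str]:
    """Breach-impact estimate: with unsalted hashes each common password is
    hashed once and matched against the whole table, so the weak accounts
    fall together; the strong, unique password is untouched."""
    table = {unsalted_sha1(pw): pw for pw in COMMON}
    return {u: table[h] for u, h in hashes.items() if h in table}
```

Run `shared_hash_groups` on the salted table (using only the hash part of each entry) and it returns nothing, because identical passwords no longer share a stored value.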