Originally Posted by packetshard:
I can't stress enough that you shouldn't use the same password for more than one thing, and really think long and hard about using your Facebook/Google/whatever account to authenticate to some other service.
What would you use to authenticate? And what would you do if you lose or forget that?
The problem is how to make sure the password reset mechanism is safe. Virtually everything has some method of giving you access if you lose your password (for example, would you want to be permanently locked out of your bank account if you forgot your password?).
It's relatively easy to design encryption that can withstand brute force attacks. It's a lot harder to make sure people aren't locked out forever (or inconvenienced to the point of absurdity) and are secure.