Originally Posted by
Bonehead
If someone has a list of passwords and PINs, what's the difference?
Since about three failed login attempts locks the account, the hysteria regarding PINs seems a tad overblown.
This. Add to that the attack that happened to UA (& AA), from everything I've read, was a result of not one but two items tied together. First was the hacking of a third party party site and second, user stupidity for using the exact same username/password combo, which were tried in the UA/AA site with some success. UAs use of PINs had nothing to do with this, and a lack of them wouldn't have helped either.
Security experts for years have been telling people not to use the same passwords on multiple sites, but many don't listen because they want something that makes it as easy as possible for the. But this also leads to insecure accounts. I use a simple password manager. It's both an easy and cheap solution that I argue everybody should be using if they value the security of their accounts.