I’m sure that the HBGary executives were thinking the same thing most of us do: “I’m kind of busy right now, and I’ll change it to something stronger when I have a little more time.” I’ve done that more times than I care to think about, as I noted in December when the Gawker story broke. Since then, I’ve become a little bit better at resisting the temptation to slap a quick and dirty password on an account. But I’m still doing it from time to time, as I realized the last time I ordered a cable from my new favorite vendor for such things.
Long ago, I came up with a system for creating and remembering unique credentials for sites, only to be stymied by sites that refused to allow non-alphanumeric characters in either the password or username field. Even now, there’s a surprising number of sites that refuse to accept the plus sign in a gmail address (ex: firstname.lastname@example.org) which is completely legitimate!
KeePass and similar utilities are a great help in this regard.