I shouldn't, but I'll weigh in on that debate...
I agree that forum passwords are not important per se, but only if you do like me and have a unique mail address and password for each. I mean, what could a hacker gain by stealing an email address like "firstname.lastname@example.org" and some password? Not much, except the ability to spam this specific forum once or twice in my name. Annoying for the moderators, but hardly a security issue.
The real problem is about people who for some reason reuse the same email and passwords for all kinds of sites. That's a big no-no. In this case, gaining your Linux Mint credentials would immediately allow them to log into your bank account. That is the thing people should avoid at all costs, and that's why the Mint people suggested people change their passwords - not just here, but at your bank account, if it uses the same email/password combo as your Linux Mint forum account.
As for remembering a host of complex and long passwords, there is a technical solution for this: Password managers... Simple ones (for unimportant stuff) are already integrated in your browser (Firefox at least), so there is really no valid excuse to reuse passwords.
I currently have over 60 passwords, some of which are important and thus long and complex (32 characters and more). On the other hand my own RAM stinks, I can't even remember my own phone number. That's where a Password Manager comes in handy: You just have to remember one single complex password, and all the others are safely stored inside the Password Manager. Just back up the database (small USB sticks are cheap) and there is little which can happen to you, even if your house and computer burn down. Put a backup stick in your car, one at the office, one at your aunt's, and you're covered.
Ideally, in this world of spam, you would also have lots of different emails. Unfortunately this is only really possible if you have your own domain and mail servers. If you do (lots of people do actually), never use the same email twice. Give one site/store/company "dF5x9@mydomain.foo", the next site "email@example.com". This way not only do you not care about any leaks, but also if some email address starts to get spammed, you just drop it. Easily. No need to notify all your friends and colleagues and change email on a hundred different stores, forums and services; you know that address is only used here, so you just have to change it here, period. Life becomes so easy... I still do see spam, almost every month. That's all.
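
The one-address-per-site scheme from the last paragraph, as an added example that is not part of the original post: it derives each address from a secret with HMAC-SHA256 instead of picking random strings (a swapped-in technique, so nothing but the secret has to be stored), then maps spam recipients back to the site that leaked. The function names, the secret, the site list and the spam recipients are all constructed for illustration.

```python
import base64
import hashlib
import hmac

DOMAIN = "mydomain.foo"   # placeholder domain used in the post
ALIAS_CHARS = 10          # assumption: 10 base32 chars = 50 bits of the MAC


def alias_for(site: str, secret: bytes, domain: str = DOMAIN) -> str:
    """Derive a stable, hard-to-guess address for exactly one site."""
    label = site.strip().lower().encode("utf-8")
    mac = hmac.new(secret, label, hashlib.sha256).digest()
    local = base64.b32encode(mac).decode("ascii").lower()[:ALIAS_CHARS]
    return f"{local}@{domain}"


def leaked_sites(recipients, sites, secret: bytes, domain: str = DOMAIN):
    """Map spam recipient addresses back to the sites they were given to.

    Returns (sites whose alias received mail, addresses that match no alias).
    """
    owner = {alias_for(s, secret, domain): s for s in sites}
    hits, unknown = set(), []
    for rcpt in recipients:
        addr = rcpt.strip().lower()
        if addr in owner:
            hits.add(owner[addr])
        else:
            unknown.append(addr)
    return sorted(hits), unknown


if __name__ == "__main__":
    # Constructed sample data: a secret, three sites, and spam recipients.
    secret = b"constructed-demo-secret-not-for-real-use"
    sites = ["forums.example", "shop.example", "bank.example"]
    spam_to = [alias_for("forums.example", secret), "guess@mydomain.foo"]
    for site in sites:
        print(f"{site:16} -> {alias_for(site, secret)}")
    burned, unknown = leaked_sites(spam_to, sites, secret)
    print("drop and replace the alias for:", burned)
    print("never issued (dictionary guess):", unknown)
```

Only the secret needs backing up, so it can live in the password manager next to the passwords.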