Single post in Account Breach incident

Still stronger than "password" by a decent enough margin. There's a reason most sites have stricter password requirements, and if you wanted to make certain people don't reuse their passwords you could always have unique requirements such as requiring it to start with a number and end with a special character. Very easy to do using regular expressions in coding. "([0-9]{1})(?=.*[A-Z])([a-zA-Z0-9[\^$.|?*+()]{1,})([[\^$.|?*+()]{1})" I've seen sites with odd requirements like that, and they're often some of the most secure in terms of passwords. Not only that, but if it's an issue with people reusing passwords, could always do big bold red letters of "CAUTION" upon creating a password, reminding users that reusing passwords may result in them being hacked more easily should it happen, across all sites. There're a number of ways to make the passwords more secure, that was only one option ^^;

---

Edit: Agreeing with TESSA, and for those that don't know what 2FA is, it's multi-factor authentication such as requiring a password and a security code sent to your email. It can be a hassle, but it is often also an option as opposed to a requirement and is available for those that care more about their security. Edit 2: I guess Niet debunked the email issue, but it still remains as an option as opposed to a requirement for those that care about the security.