Can we instigate a rule wherein any internet company with more than 10 users that is found not to be using salted encrypted hashes for their user password database… gets to have its website shut down, servers sold for scrap and entire web development team slowly impaled on sharpened Aeron chairs?
People keep harping on the stupidity of end-users in their choice of passwords, but with proper hashing and salting, even password123 would make a halfway-decent password.