#. User registers an account with a careless service, eg Facebook, Yahoo,
Google, Equifax etc. etc.
-#. The service is hacked and the password database is leaked
-#. The hacker logs in to the email accounts
+#. The service is hacked and the password and email is leaked
+#. The hacker logs in to the email account
#. The hacker resets passwords on all important accounts tied to that email
address
* Tr0ub4dor&3 -> 28 bits of entropy, hard to remember
* correct horse battery stable -> 44 bits of entropy, easy to remember
-Use passphrases everywhere you have to remember.
+If you have to remember it, use a passphrase.
Generate passphrases with Diceware
==================================