Forget the passwords - I'm not endorsing anything more complex. I am merely trying to point out that some criminals will just walk right around the entire authentication process, steal heaps of credentials, then use them until someone catches on. All this using well-known, un-patched vulnerabilities. And probably lesser known vulnerabilities as well.

The credentials concept put forth here is, disregarding all else, sensible to me. But good credentials are of no help in a bad system.

Diebold.

Diebold Diebold and some more Diebold. And TJMaxx.