Web passwords
Thomas grumbles about websites with password policies, that make it impossible for you to use your 'standard' password which you use for other sites.
I cannot agree with him more. I have memorized a number of multi-character random passwords (generated with 'pwgen -s'), but these cannot be used on such sites; sometimes they require me to use a character that just doesn't happen to be in the password, or sometimes they're "too long", or whatever.
The worst of them all is sites which require you to change your password every so often, as I've ranted of before; after all, making people change their password too often makes it harder for them to choose a hard-to-guess password; after all, hard-to-guess passwords are often also hard-to-remember passwords, and nobody likes to memorize something useless every two months
In all, I decided not to use my secure passwords on such sites anymore. Not only do their policies usually suck, they also often have dodgy "security questions" which are easy to guess by anyone familiar with yourself. On top of that, there's usually nothing to make me believe their password database is actually secure.
Except, of course, if they have OpenID. Because then it's actually my own server where the password is verified. Whoo.
I usually use a pwgen:ed answer for those stupid "security questions" too. Well that way they are not really useful. But i'm sure that way they are not very exploitable either... anyway it's not a big problem if accidently loose my accounts on random web things.
Most of the sites I've run into let you specify your own "security" question. Mine always ask "What is my password?".
If they only offer a fixed list of questions, I still do the same thing, and the answer just doesn't match the question; good luck to anyone trying to guess my favorite sports team or hometown.