It clearly isn't going to change: This story has played out time and time again as password databases are compromised and accounts are exploited. While those attacks get the loudest attention, it seems likely that there is much quieter misuse of credentials by the people who you trust with them. If you used the same password for iTunes or PayPal that you used for some random site, for instance, it seems obvious that the rolls of the dice will yield a compromise at some point. Even if they carefully scrypt your password before putting it in their database, there are zero guarantees that the sites themselves aren't doing other things with it.
So what is the solution? A better input type="password"? OpenID, OpenAuth, or Facebook Connect, putting more eggs in one basket? Two-factor authentication (widely usable now with OATH implementations of HOTP/TOTP in smartphone apps)?
Something needs to improve because the same story keeps playing out.
ergo98 writes: As reported here, a recent CNN article had the statement that "77% of iPhone owners say they'll buy another iPhone, compared to 20% of Android customers who say they'll buy another Android phone." This was a gross misrepresentation. The CNN story now says that "77% of iPhone owners say they'll buy another iPhone, compared to 20% of smartphone customers who say they'll buy an Android phone." The Yankee Group has further sought to clarify the situation by saying that the 20% are people who explicitly said they would buy a "Google-branded" phone (which excludes the overwhelming majority of popular Android phones). Skeptics, pat yourselves on the back.