A good security practice is to avoid reusable passwords where possible, particularly for accounts where money is involved. Another security practice is to avoid reusing the same password at multiple sites.

A credit card number is a reusable password. It gives access to money. Thanks to the payment card industry (PCI) we're supposed to trust this reusable password at all the vendors where we shop? And trust that each of those vendors will keep their card processing devices and back end systems secure from external and internal intrusion?

Meanwhile, instead of eliminating the reusable passwords, PCI passes the risk on to card accepting companies by imposing hundreds of security standards on each card accepting company (see www.pcisecuritystandards.org). Failure to comply means increased credit card transaction fees or prohibition from processing credit cards.

As a customer, I prefer using credit cards to cash for the convenience and record keeping value. As an IT guy, I've spent many evenings and weekends working to comply with PCI standards to protect these static reusable passwords from compromise.

A better solution would be to eliminate the static reusable credit-card passwords from existence.

They mush have stored the designs for the single-play DVD on a single-play DVD.

Doh!