If I can get into your email address by changing the password, then comb your inbox and saved emails for the word "password", I can change your email password back to your most common password. On top of that, you'd only need a few hours - easily gained by attacking when someone is most likely to be asleep - to compromise far more secure things. Once you have access to the average user's email inbox, you have a list of passwords for other things. It's not the size of the password that counts for security, it's where you store it.
Slashdot Mirror
If I can get into your email address by changing the password, then comb your inbox and saved emails for the word "password", I can change your email password back to your most common password. On top of that, you'd only need a few hours - easily gained by attacking when someone is most likely to be asleep - to compromise far more secure things. Once you have access to the average user's email inbox, you have a list of passwords for other things. It's not the size of the password that counts for security, it's where you store it.