Ref*cktoring highlights an issue that’s bothered me for a long time: what if various websites kept track of your failed password attempts?
My moral compass just flips out at the thought of my providers keeping my incorrect login attempts.
If you have a handful of passwords that you use between sites, you may be giving your password to another site inadvertently. This probably (I hope!) isn’t a problem with most mainstream sites like Google and Facebook, but could be a bigger issue with some of smaller, less-known sites.