These days nearly everything you use has an online account and needs a password, from social networks to IoT teddy bears. Best practice would be for users to create unique and non-obvious passwords for each service, but in reality how many of us really use 10's or 100's of unique passwords? People are inherently lazy and passwords tend to get re-used, so if one account is compromised it may affect others as well.
The problem is that not all of the companies asking you to create passwords are cyber security specialists. A recent story of an IoT toy maker being hacked is a great example. The company is probably great at making teddy bears, but wasn't so hot at encryption and best practices for keeping their users details safe. This puts customers in a tricky situation - when buying services from low-tech companies that require an online account and password, you can pretty much assume it's going to be hacked.
So what's the solution? Password managers are slowly gaining traction, both as stand-alone services and features in internet browsers. The big tech companies are also making a play into the space, offering authentication as a service. All I know is that, as a consumer, I don't want to have to care about passwords. I just want to magically be able to log-in with ease, and be certain that my details are safe - and that's where the market opportunity is.
A maker of Internet-connected stuffed animal toys has exposed more than 2 million voice recordings of children and parents, as well as e-mail addresses and password data for more than 800,000 accounts.