@nsa This is so true.

I try to convince developers that whenever they type or use passwords - they should consider if they do something wrong.

There are tokens, yubico keys, ssh keys, and a host of other possibilities that is better than passwords.