I believe we should accept it as one of the rules. Good project would require KYC, if they want to have the legal part of it be right. I try not to participate in too many ICO and usually ignore airdrops, so my frustration about it is limited to a small number.

I watched a lecture on that topic some time ago. It said that the main thing about password is in its length and the randomness of the used words. They said something like: sunnyflyuingpotatoesholiday is aslmost as hard to crack as the ones with symbols and numbers. Don't know if it's true, but the lecture was persuasive)