If nothing else, the attack on Gawker is what the President likes to call "a teachable moment," with lessons for anyone who uses the Web. (And speaking of the President, two of the stolen passwords were associated with the domain whitehouse.gov.)
Lesson One: Don't use the same password on multiple sites.
If the worst thing that could happen to Gawker users was that someone would post a fake comment, nobody would really care. But "attackers will undoubtedly be testing the cracked passwords against both personal and corporate services such as e-mail accounts, online banking sites, VPN remote access logins," Jon Oberheide, the co-founder of Duo Security, said in a .
Duo technicians downloaded the Gawker file, and in just one hour solved 190,000 passwords; before long 400,000 were broken. Duo posted the 25 most common passwords on its site — but without identifying email addresses or user names — and that brings me to the
Lesson Two: Use a strong password, something many Gawker users haven't figured out.