Six Password Security Tips to Learn from Gawker Hack

20.12.2010
The Germans have a word for it: Schadenfreude, taking pleasure in someone else's misfortune. And I have to admit, I did feel a twinge of satisfaction when Gawker, one of the snarkiest and most self-satisfied collections of sites on the Web, was hacked. But I do worry about the 1.2 million people whose passwords were stolen and posted on the Web for any moderately skilled bad guy to crack and use.

If nothing else, the attack on Gawker is what the President likes to call "a teachable moment," with lessons for anyone who uses the Web. (And speaking of the President, two of the stolen passwords were associated with the domain whitehouse.gov.)

Lesson One: Don't use the same password on multiple sites.

If the worst thing that could happen to Gawker users was that someone would post a fake comment, nobody would really care. But "attackers will undoubtedly be testing the cracked passwords against both personal and corporate services such as e-mail accounts, online banking sites, VPN remote access logins," Jon Oberheide, the co-founder of Duo Security, said.

Duo technicians downloaded the Gawker file, and in just one hour solved 190,000 passwords; before long 400,000 were broken. Duo posted the 25 most common passwords on its site — but without identifying email addresses or user names — and that brings me to the

Lesson Two: Use a strong password, something many Gawker users haven't figured out.
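To make Lessons One and Two concrete, here is an added example (my own illustration, not code from the article or from Duo Security) of the two attacks the article describes: an offline dictionary attack against a leaked file of hashed passwords, followed by a credential-stuffing check that replays the cracked pairs against a second site. The sample accounts, the wordlist and the second site's records are all constructed for the example, and the hash format is an assumption: the article never says how Gawker stored its passwords, so an unsalted SHA-256 digest stands in for whatever was actually leaked.

```python
import hashlib

# Assumption: an unsalted SHA-256 digest stands in for the leaked hash format.
# The article does not say what Gawker stored; a real cracking run would
# target whatever format the dump actually used.
def hash_password(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed sample of a "leaked" file: email -> password hash.
LEAKED_HASHES = {
    "alice@example.com": hash_password("123456"),
    "bob@example.com": hash_password("password"),
    "carol@example.com": hash_password("Qwerty1"),          # mangled wordlist entry
    "dave@example.com": hash_password("Tr0ub4dor&3"),       # not derivable from wordlist
    "erin@example.com": hash_password("Xk9#vL2m@pQ7wRz!"),  # long, random
}

# Constructed wordlist of common choices (illustrative; not Duo's published list).
WORDLIST = ["123456", "password", "12345678", "qwerty",
            "abc123", "letmein", "monkey", "111111"]


def build_candidates(wordlist, mangle=True):
    """Hash every candidate once and index by digest, so each leaked hash
    costs a dictionary lookup rather than a fresh hashing pass.
    Mangling adds the cheap rules real crackers apply: capitalise the
    word, append a digit, append '!', append '123'."""
    table = {}
    for word in wordlist:
        variants = {word}
        if mangle:
            variants.update({word.capitalize(), word + "1",
                             word + "!", word + "123",
                             word.capitalize() + "1"})
        for v in variants:
            table[hash_password(v)] = v
    return table


def crack(leaked, wordlist, mangle=True):
    """Offline dictionary attack. Returns {email: recovered password} for
    every account whose hash matches a candidate; strong passwords simply
    do not appear in the result."""
    candidates = build_candidates(wordlist, mangle)
    return {email: candidates[digest]
            for email, digest in leaked.items() if digest in candidates}


# Constructed second site. Assumption: it hashes the same way, so the
# replay can be checked offline here; in reality the attacker would just
# try each (email, password) pair against the site's login form.
OTHER_SITE = {
    "alice@example.com": hash_password("123456"),        # reused -> falls
    "bob@example.com": hash_password("a-different-one"),  # unique -> survives
    "carol@example.com": hash_password("Qwerty1"),        # reused -> falls
}


def credential_stuffing(cracked, other_site):
    """Lesson One in code: which accounts on another service open with a
    password recovered from the leak?"""
    return {email for email, pw in cracked.items()
            if other_site.get(email) == hash_password(pw)}


if __name__ == "__main__":
    recovered = crack(LEAKED_HASHES, WORDLIST)
    for email, pw in sorted(recovered.items()):
        print(f"cracked  {email}: {pw}")
    for email in sorted(set(LEAKED_HASHES) - set(recovered)):
        print(f"survived {email}")
    for email in sorted(credential_stuffing(recovered, OTHER_SITE)):
        print(f"reused on second site: {email}")
```

Two things in the output carry the article's lessons. Only the accounts that chose a wordlist entry, or a trivially mangled one, are recovered; the two passwords that are not reachable from the list cost the attacker nothing more than a miss in a lookup table, and nothing short of exhaustive search would touch them. Then the replay step shows why reuse, not the original site, is the real damage: bob's password was cracked, but because it is unique to the leaked site, his account elsewhere survives.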