This is Dcaunt's TypePad Profile.
Dcaunt
Recent Activity
Great article, all of which I agree with. I'm more than happy to use Twitter for trivial logins, and I'll stick to a unique password for each of my bank accounts. It is safer and it is more convenient.
With regard to point 1, and this may not be correct, I believe that both the full database and the source code were compromised. If this is the case, then salts are of little use. I do advocate the use of both a database-stored salt and an application (source code) salt, however, so that if the database is compromised, password hashes (with their salts) are still secure.
In the case of Gawker too many mistakes were made.
The Dirty Truth About Web Passwords
This weekend, the Gawker network was compromised. This weekend we discovered that Gawker Media's servers were compromised, resulting in a security breach at Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot. If you're a commenter on any of our sites, you prob...
Dcaunt is now following The Typepad Team
Dec 14, 2010
