Now I'm quite ignorant about good http security but it seems to me that using different passwords for each website would help a little. Not much but at least only those websites that you visited from a given WiFi hotspot would be vulnerable. I really like the open soruce KeePass utility as it will generate random passwords and I can use a hot key to fill in my userid and password. One complaint though is websites that don't allow a 20 character password and don't ell you that it's too long. So you register with a 20 character password which is truncated and now you have to figure out what the length really is. Of course folks reading this blog undersrant this issue. The masses have not a clue.