Here’s the thing about securing credentials in web apps; you’re not just responsible for securing your application, you’re also responsible for securing your customer’s identities. Just 25 passwords were used a total of 13,411 times by people with Gawker accounts. How do we know this? Because every one of these passwords and hundreds of thousands more were stolen from Gawker last month and released into the wild where they are now readily accessible. Because people reuse their credentials, Gawker’s approach to application security didn’t just compromise their own data, it compromised an untold number of other applications.