I have a algorithm I use in my head that's based on the site name. It's not perfect, and if someone *really* wanted to figure it out and they had one of my passwords, they could do it. But, the barrier has been raised at least so most hackers will just test it out on various major sites then ignore it if it doesn't work.

For instance, say your main password is "bur_rito" (too short, but it's an example), and the site here is slashdot.org. To create a unique password, you could do something like:
  * Take the 2nd and 4th letters of the website and insert them into a specific spots in your password, like:
    * buSr_rLito
  * Then, take the site extension and give it a numbering system in your head (i.e., 1 for .com, 2 for .org, 3 for .edu, 4 for .us, 5 for everything else), then insert it into specific spots like:
    * bu2r_rLit2o

If you want to change your passwords regularly, it gets a little trickier, but it's better than using a unique one everywhere. It's also annoying that every site has its own restrictions on non-alphanumerics and password lengths.

Most site admins are clueless about security, so the fact that they caught the intrusion at all is a very good sign.

I always wonder how many sites are actually compromised out there.

Remember, folks, it's always a good idea to USE A UNIQUE PASSWORD ON EVERY SITE! Of course, I'm probably preaching to the choir here.