A million Sony users' password/username IDs and 250,000 Gawker login credentials, each stored in plain text, were exposed via separate hacks.

Four in five of the passwords in the 37,608 account sample from the Sony hack actually only occurred once. But users are independently making poor passwords choices, Hunt reports. Around 36 per cent of the passwords used appeared in a password dictionary, a factor that would leave them wide open to brute-forcing attacks in instances where the same passwords were used and only a password hash database was exposed by a hack. Hunt reckons more than four in five (82 per cent) of the passwords would have fallen to a basic rainbow table crack.

You know you're a computer security professional when:

You not only lock your laptop with a physical cable leash, but you change the combination of the lock when it's not in use so that it can't be "compromised".

Although you have no ill intent, you spend no small amount of your downtime in airports thinking of ways to circumvent TSA security -- and you've come up with several can't-miss terrorist ideas that even Jack Bauer couldn't stop.

You lock your screensaver with twice as much insistence when security friends are around than when strangers are, because you're not nearly as worried about a stranger's intentions.

You're immediately discontent with all newly announced security solutions, even before you know anything beyond the name.

Having extralong passwords that you must type over and over again to get correct is not a bother.

You have a database program to store all your passwords, but even it doesn't contain a single, decoded password.

When you read industry-mandated security guidelines, you chuckle at all the newbie mistakes.

You secretly hope you don't miss a big virus outbreak while you are out on vacation.

Any security book you read is covered in pen from the technical corrections you've made.

Your Internet browser home page is a computer security news bundling Web site.

You've so fine-tuned your personal computer's host-based firewall that you are sure it is causing problems with legitimate programs, but you really don't care.

You fantasize about a job where you could bust into the house of unsuspecting malicious hackers and take them away to jail.

You've got a new car with a built-in GPS and computer, but you are constantly worried about how easy it would be to hack.

You suspect that every banner and Flash ad on every Web site is hosting malicious JavaScript.

You loath government interference with the Internet because you know they will only mess it up more and not fix the problem (see CAN-SPAM Act).

When you hear that we've arrested some big spammer, you have the same nonreaction as when you hear we've arrested Al-Qaeda's No. 2 person ... again.

You resist every new application install because of the new attack vector opportunities it will bring.

You know that mobile small-form-factor computers have almost no security.

Your cell phone is password-protected.

You resent having to give out your Social Security number to any person or company, especially because you have never given it when dealing with the Social Security administration.

You already own or covet one of those special screen covers that prevent people on either side of you of from reading your screen.

You can't prevent yourself from laughing out loud when someone announces they think that computer viruses, buffer overflows, or whatever will be solved in five years.

You hate upgrading your computer because it means spending days trying to copy and convert all your cool hacker and anti-hacker tools to the new system.

You have solid friends on computer security discussion lists, whom you know would be there for you in a life-crisis pinch but that you've never met in person or talked to on the phone.

Although you never try to shoulder surf other people's passwords, you can always tell by sound alone when they haven't typed one that is eight characters or more, and you chuckle inside.

When someone hands you their USB key to copy something, you always decline, and instead offer your known, clean USB key. You would also prefer one-time, disposable, Tupperware-like memory drives if they existed.

You always slow down when reading security guidance looking for the words "should," "must," "never," and "always" -- and you understand their importance.

By the time you read a CERT security bulletin, you've known about the issue for several days.

You always investigate SSL certificate errors when they come up in your browser.

Finally, you know you're a computer security person when you have so frequently spoken passionately to complete strangers about computer security and the frustration it entails that you know what it's like to be covered in sweat -- and the listening party to have a look on their face that says they didn't know what they were in for.