Thanks for your great article.
I'd like to add that it's also important not to use the same password everywhere (even if it's a hard to guess password). You never know for sure if an admin really encrypts your passwords or if he collects them while you sign up. The site could also be hacked by someone else who then might find out your password.
Looking forward to part 3!
And the answer to your challenge is: sdtn