10/10/2008

Organize an "Everybody change your password" day

We don't believe that the press will be writing much about the tens of thousands of hacked email accounts (I would be happy to be wrong).

We don't believe that, even if we are contacting those who should be responsible, the existing institutions will be capable of cleaning out the domains that have hacked administrative FTP accounts.

We don't believe that all countries will be able to organize this.

So this leaves you, the service provider (ISP, hoster, email provider, ...).

So do the RIGHT thing:

Organize an "Everybody change your password" day.

- but don't announce it by email :) - and state on your site that there will be no communication whatsoever by email, so nobody has a reason to trust a "change your password" message that arrives in their inbox.

When somebody logs in, you ask them to change their password immediately, before they can do anything else. You state on your site that all accounts will be asked to do this; that alone invalidates a whole bunch of stolen password lists. After a gap of x days or weeks, you put all the dormant accounts on hold. You can also use other indications to put them on hold, for example if an account hasn't been accessed for a long time.

Another advantage is that when an account is on hold and the person logs on (perhaps because they know they have to change their password everywhere and are going through the websites they once subscribed to), you can give them the option to delete the account, or the administrative access to it.

At the same time, log the IP addresses used in the logon process. You never know what they may be good for; we have some ideas, though.

And you can repeat this every so many months, or every year.
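The procedure above (forced rotation at next login, a grace period after which unrotated or dormant accounts go on hold, an on-hold login offering deletion, and an IP log of every logon) as one small piece of login logic. This is an added example, not code from the post or from any provider; the account model, the dates, the 14-day grace period, the 180-day dormancy limit and the IP addresses are all constructed here, and the last function is one assumed use for the logged IPs (an address that tried several different accounts), not something the post specifies.

```python
"""Added example for an "Everybody change your password" day; not the post's own code.
Account, LoginEvent, the policy dates and all sample values are constructed for this example."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

# Constructed policy values; a provider would set its own.
ROTATION_DAY = datetime(2008, 10, 20)      # the announced "Everybody change your password" day
GRACE_PERIOD = timedelta(days=14)          # the "x days or weeks" before unrotated accounts go on hold
DORMANT_LIMIT = timedelta(days=180)        # extra indication: no login at all for this long


@dataclass
class Account:
    name: str
    password_changed_at: datetime
    last_login_at: Optional[datetime]
    status: str = "active"                 # "active" | "on_hold" | "deleted"


@dataclass
class LoginEvent:
    """One audit record per login attempt: the post says to log the IP of every logon."""
    name: str
    ip: str
    when: datetime
    outcome: str


def needs_rotation(acct: Account) -> bool:
    """A password last set before the rotation day may be on a stolen list; it must be replaced."""
    return acct.password_changed_at < ROTATION_DAY


def login(acct: Account, credentials_ok: bool, ip: str, now: datetime,
          audit: List[LoginEvent]) -> str:
    """Decide what happens at login and record the source IP whatever the outcome.
    Returns "denied", "on_hold", "rotate_required" or "ok"."""
    if not credentials_ok or acct.status == "deleted":
        outcome = "denied"
    elif acct.status == "on_hold":
        outcome = "on_hold"            # caller offers: rotate and reactivate, or delete the account
    elif needs_rotation(acct):
        outcome = "rotate_required"    # no further access until the password is changed
    else:
        acct.last_login_at = now
        outcome = "ok"
    audit.append(LoginEvent(acct.name, ip, now, outcome))
    return outcome


def rotate_password(acct: Account, now: datetime) -> None:
    """Record the new password date; a held account becomes active again once rotated."""
    acct.password_changed_at = now
    acct.last_login_at = now
    if acct.status == "on_hold":
        acct.status = "active"


def delete_account(acct: Account) -> None:
    """The option offered to someone who logs on to an account that is on hold."""
    acct.status = "deleted"


def sweep_dormant(accounts: List[Account], now: datetime) -> List[str]:
    """Put on hold every active account that ignored the rotation day past the grace
    period, or that has not been used for DORMANT_LIMIT. Returns the names put on hold."""
    held = []
    for acct in accounts:
        if acct.status != "active":
            continue
        unrotated = needs_rotation(acct) and now >= ROTATION_DAY + GRACE_PERIOD
        dormant = acct.last_login_at is None or now - acct.last_login_at > DORMANT_LIMIT
        if unrotated or dormant:
            acct.status = "on_hold"
            held.append(acct.name)
    return held


def suspicious_sources(audit: List[LoginEvent], min_accounts: int = 3) -> List[str]:
    """Assumed use for the IP log: source addresses that attempted several different accounts."""
    seen: Dict[str, Set[str]] = {}
    for ev in audit:
        seen.setdefault(ev.ip, set()).add(ev.name)
    return sorted(ip for ip, names in seen.items() if len(names) >= min_accounts)
```

Running `sweep_dormant` on a schedule after the grace period is what turns the announcement into an enforced cut-off; logging the IP even for denied and on-hold attempts is deliberate, since those are the attempts the log is most likely to be useful for later.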

10:52 | Permalink | Comments (0)
