Many studies have found that one of the most common passwords is “password”. This is likely because it is the default in many systems. A very bad default, in my opinion.
We’re overwhelmed by passwords, so it’s not surprising that many people choose highly insecure, but easy to type and remember, passwords. They’re creating a large risk for themselves by doing that.
When creating a password, do a threat assessment, judging the risk to you if someone guesses or hacks the password. An on-line forum is not a great risk, as likely all that could happen is that someone could make postings or send internal messages in your name. Your web hosting account or on-line bank are much more serious, and require very strong passwords.
Create a password that mixes upper and lower-case letters, numbers and, if the system allows it (many don’t), symbols such as hyphen, #, @, or %. If you find strong passwords difficult to remember, create a mnemonic or a phrase in which you enter the first character of each word, substituting 1 for i, 3 for e, etc. Not all systems allow you to include special characters, which in my view is a foolish limitation.
Do not use only words found in the dictionary, as password cracking software quickly tries all of those. Do not use your birthday, or spouse’s name, or your city, or any other personal data that could be easily guessed by someone who knows a few of your details.
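The rules above can be turned into a small checker. This is an added example, not code from the original post: the function names, the tiny word list and the sample phrase are constructed for illustration, and treating a dictionary word with 1-for-i style swaps as still a dictionary word is an assumption of this example.

```python
import re

# Constructed sample word list; a real check would load a large dictionary file.
WORDLIST = {"password", "tigger", "dragon", "monkey", "letmein", "welcome"}

# Undo common digit/symbol-for-letter swaps before the dictionary lookup,
# so "p4ssw0rd" is judged the same as "password".
UNSWAP = str.maketrans({"1": "i", "3": "e", "4": "a", "0": "o",
                        "5": "s", "@": "a", "$": "s"})


def mnemonic(phrase):
    """First character of each word, with 1 for i and 3 for e."""
    initials = "".join(word[0] for word in phrase.split())
    return initials.translate(str.maketrans({"i": "1", "e": "3"}))


def check_password(password, personal=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    # Symbols are not required here because many systems do not allow them.
    classes = {
        "lower-case letter": r"[a-z]",
        "upper-case letter": r"[A-Z]",
        "number": r"[0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + name)

    # Keep only the letters after undoing swaps: "T1gger#99" -> "tigger".
    core = re.sub(r"[^a-z]", "", password.lower().translate(UNSWAP))
    if core in WORDLIST:
        problems.append("dictionary word")

    # Personal details (name, city, birthday digits) anywhere in the password.
    flat = password.lower()
    for detail in personal:
        token = re.sub(r"\W", "", detail.lower())
        if len(token) >= 3 and (token in flat or token in core):
            problems.append("contains personal detail")
            break
    return problems
```

Pass the account holder's own details (names, city, birth date) as `personal` so the check covers the easily guessed data as well as the dictionary.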
Do not write your password on something you leave accessible. Don’t, as too many people do, keep a written copy of your ATM banking password in your wallet. I recall a boss whose office computer and network password was “tigger”. This was poor in three ways: