As an IT professional, one thing I deal with every day is passwords. When I'm helping a customer setup a new computer or a new account for e-mail, Facebook, or the like, I notice that people tend to underplay the importance of setting an effective password. I often even get questions like "Do I have to set a password?" or "Can't you set that to login automatically". Also, they often choose a password that only meets the minimum requirements.
Unfortunately, I also see the impact weak passwords. Often clients only realize the significance, when suddenly they can no longer access, sometimes permanently, their e-mail or Facebook accounts. When their friends and family receive virus-ridden e-mails from them, or they discover someone has accessed bank account or personal information.
All the major e-mail providers and social networking sites are constantly under attack from people who wish to exploit your personal information. In addition, the rapid increase in processing power in today's computers has made it much easier for the nefarious to attack your password. In years past, it was less feasible for an attacker without personal information about his target to attempt to break a password, or at least an attacker was limited to a list of a few thousand common passwords to try. Now, it is not unusual for computers to be capable of guessing several million (or even billion) combinations per hour. This allows an attacker to try every combination of characters for short passwords.
In years past security experts recommended that you do things like add capital letters or symbols to your passwords thus increasing the number of characters a computer would have to try. This led to passwords that looked like, alpha#12 or Aze344Sdi. Unfortunately, this made it incredibly difficult for people to remember their passwords and ultimately makes little difference to a computer, trying to guess your password.
In today's world, the best protection against a computer obtaining your password is to lengthen it, beyond the typical 8-12 digits commonly used. There are a few techniques that can be used to help remember long passwords. One easy way is to use a "passphrase" instead of a "password". An example of a "passphrase" that I actually used in years past is BlueBirdsEatBlackSeeds. As you can guess, I created this password while watching a fat blue bird eating from a birdfeeder. Since the sentence is fairly literal it becomes easy to remember, and the memory of the moment in which it came to me also helps me remember.
Another password creation technique is to string a few reasonably long words together like, PrimateCommandoConcussionHeaven, then associate those words with a mental picture that describes them to you. In this case I visualize a Primate and a Commando locked in an epic battle, one ends up with a concussion, and the other ends up in heaven. Making that mental image helps you remember, and it definitely works.
This all sounds great, but how are you supposed to remember 20 different phrases or word strings? Well to be honest you're not, if you have too many passwords to remember, I suggest getting a password manager. A password manager will store all your usernames and passwords inside an encrypted database. That is locked by one master password; then you only have to remember your master password.
Links:https://howsecureismypassword.net (password tester)
http://keepass.info (and excellent password manager)
Bad password examples:Buckey123 (could take a computer as few as 11 minutes to break)
alpha#12 (could take a computer approximately few as 3 days to break)
Aze344Sdi (could take a computer approximately 39 days to break)
Good password examples:Theskyisbluewithclouds (could take a computer as long as 100 trillion years to break)
BlueBirdsEatBlackSeeds (could take a computer as long as 400 quintillion years to break)
PrimateCommandoConcussionHeaven (could take a computer as long as 100 decillion years to break)
Works CitedXkcd: Password Strength." Xkcd: Password Strength. N.p., n.d. Web. 9 Dec. 2013.