Thursday, November 29, 2007 5:55 PM/EST

The password Is...

According to Wikipedia, the following are among the most commonly used passwords, the ones end users are told time and time again to NEVER EVER NEVER use, yet a rather generous number of them use just the same.

  • blank (none)
  • the word "password", "passcode", "admin" and their derivates
  • the user's name or login name
  • the name of their significant other or another relative
  • their birthplace or date of birth
  • a pet's name
  • automobile license plate number
  • a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
  • a row of letters from a standard keyboard layout (e.g., on the qwerty keyboard: qwerty itself, asdf or qwertyuiop)

Other lists I found named these as well:

  • Middle names
  • Names spelled backwards
  • Phone numbers
  • Single or combination uses of love, god, sex and money, such as lovemoney or sexgod
  • abc123
  • letmein
  • yourname1
  • default
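The two lists above are, in effect, a blocklist plus a set of patterns (a personal detail, a keyboard row, a word with a digit tacked on or spelled backwards). The following is an added example, not code from the original post or from Wikipedia, of how an administrator could check a candidate password against exactly those patterns before accepting it. The word list, the keyboard rows and the letter-for-symbol table are constructed from the text above; `personal_terms` is an assumed parameter for the details an attacker could learn about the user.

```python
"""Flag a candidate password that matches one of the weak-password patterns listed above."""
import re

# Constructed from the two lists above: exact words that turn up on "most common password" lists.
COMMON_WORDS = {
    "password", "passcode", "admin", "letmein", "default", "abc123",
    "qwerty", "asdf", "qwertyuiop",
}
# "single or combination uses of love, god, sex and money" (lovemoney, sexgod, ...)
COMBO_WORDS = ("love", "god", "sex", "money")
# Rows of a US QWERTY keyboard, for "a row of letters from a standard keyboard layout".
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Common letter-for-symbol swaps, undone so that "p@ssw0rd" is recognised as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def _variants(pw):
    """Forms a guesser would try: as typed, with a short digit suffix removed,
    each of those reversed, and each of those with symbol swaps undone."""
    forms = {pw, re.sub(r"\d{1,3}$", "", pw)}
    forms |= {f[::-1] for f in forms}
    forms |= {f.translate(LEET) for f in forms}
    forms.discard("")
    return forms


def _is_keyboard_run(s):
    """True if s is three or more adjacent keys read along one keyboard row, either direction."""
    return len(s) >= 3 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def _is_combo_of(s, words):
    """True if s splits entirely into words from `words`, e.g. 'lovemoney' or 'sexgod'."""
    if s == "":
        return True
    return any(s.startswith(w) and _is_combo_of(s[len(w):], words) for w in words)


def weak_password_reasons(password, username="", personal_terms=()):
    """Return the weak-pattern categories the password matches (empty list = none matched).

    personal_terms: details about the user that others could know (relatives' names,
    birthplace, date of birth, pet, licence plate, phone number), compared case-insensitively.
    """
    pw = password.strip().lower()
    if not pw:
        return ["blank"]
    personal = {t.lower() for t in (username, *personal_terms) if t}
    reasons = set()
    for form in _variants(pw):
        if form in COMMON_WORDS:
            reasons.add("common_word")
        if form in personal:
            reasons.add("personal_detail")
        if _is_keyboard_run(form):
            reasons.add("keyboard_row")
        if _is_combo_of(form, COMBO_WORDS):
            reasons.add("love_god_sex_money")
    if pw.isdigit():  # phone numbers, dates of birth and plate-style numbers
        reasons.add("digits_only")
    return sorted(reasons)


if __name__ == "__main__":
    # Constructed sample inputs; the personal details are invented for the demonstration.
    for candidate in ["", "P@ssw0rd1", "drowssap", "lovemoney", "123456",
                      "Aiden1", "My son Aiden is three years old."]:
        print(f"{candidate!r:40} -> {weak_password_reasons(candidate, 'aiden', ('Liverpool',))}")
```

The check deliberately works on a handful of variant forms rather than a large wordlist, so it catches the "simple modification" bullet (a suffixed digit, reversed letters, a symbol swap) without a dictionary; a real deployment would union this with a large breached-password list.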

Bow your head in shame if you have one or more of these as the barrier between your most sensitive data and the bad guys out there, pleased as holiday punch that suckers still exist. The world's hackers are getting smarter every single day, people. And just because their methods continue to get more sophisticated, it doesn't mean they no longer rely on the tried-and-true, simpler methods of wreaking havoc on our systems.

I say this as an eWEEK technical analyst currently entrenched in the topic of notebook encryption, where I am discovering it isn't enough to simply implement encryption hardware or software. Nope. End users must be diligently trained as well, especially when it comes to choosing passwords.

Now, I'm no angel either when it comes to this stuff.

Every three months I am required to change my desktop's login password along with everyone else here at eWEEK. And every three months I'm once again flummoxed and stumped as to which clever combination of letters and numbers should be put together to keep my data protected.

My boyfriend likes to choose passwords derived from items or words in and around his desk and since he suggested this method to me, I've since begun doing the same thing.

So far so good.

Microsoft, however, offers some even better advice with its six steps to creating a strong and memorable password:

1. Think of a sentence that you can remember. This will be the basis of your strong password or pass phrase. Use a memorable sentence, such as "My son Aiden is three years old."

2. Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters) on your computer or online system, do so.

3. If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word of the sentence that you've created to create a new, nonsensical word. Using the example above, you'd get: "msaityo".

4. Add complexity by mixing uppercase and lowercase letters and numbers. It is valuable to use some letter swapping or misspellings as well. For instance, in the pass phrase above, consider misspelling Aiden's name, or substituting the word "three" for the number 3. There are many possible substitutions, and the longer the sentence, the more complex your password can be. Your pass phrase might become "My SoN Ayd3N is 3 yeeRs old." If the computer or online system will not support a pass phrase, use the same technique on the shorter password. This might yield a password like "MsAy3yo".

5. Finally, substitute some special characters. You can use symbols that look like letters, combine words (remove spaces) and other ways to make the password more complex. Using these tricks, we create a pass phrase of "MySoN 8N i$ 3 yeeR$ old" or a password (using the first letter of each word) "M$8ni3y0".

6. Test your new password with Password Checker.

Here's the link to that application, which, if I say so myself, is pretty fun to test out. http://www.microsoft.com/protect/yourself/password/checker.mspx
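Steps 3 to 5 above are a mechanical transformation, and step 2 says to prefer the full pass phrase wherever the system allows it. The block below is an added example, not Microsoft's code or the code behind its Password Checker, that carries the sample sentence through those steps and then compares the pass phrase with the derived password using a plain brute-force search-space estimate (characters used, raised to the length). The word-swap and symbol-swap tables are one illustrative choice, not Microsoft's; its own worked result ("M$8ni3y0") involved hand-picked substitutions that no fixed table reproduces.

```python
"""Steps 3-5 of the method above as functions, plus a brute-force search-space estimate."""
import math
import re

# Step 4 word swaps (an example table, not Microsoft's): number words become digits.
WORD_SWAPS = {"one": "1", "two": "2", "three": "3", "four": "4"}
# Step 5 symbol swaps (again an example table): letters replaced by look-alike symbols.
SYMBOL_SWAPS = str.maketrans({"s": "$", "o": "0"})


def apply_word_swaps(sentence, swaps=WORD_SWAPS):
    """Step 4 on the sentence: replace whole words case-insensitively, e.g. 'three' -> '3'."""
    for word, repl in swaps.items():
        sentence = re.sub(rf"\b{re.escape(word)}\b", repl, sentence, flags=re.IGNORECASE)
    return sentence


def acronym(sentence):
    """Step 3: the first character of each word, lower-cased, punctuation dropped."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z0-9]+", sentence)).lower()


def harden(short_password):
    """Step 5 on the short form: capitalise the first letter, swap look-alike symbols."""
    if not short_password:
        return short_password
    return short_password[0].upper() + short_password[1:].translate(SYMBOL_SWAPS)


def derive_password(sentence):
    """Steps 3-5 together: sentence -> swapped sentence -> acronym -> hardened acronym."""
    return harden(acronym(apply_word_swaps(sentence)))


def search_space_bits(password):
    """log2 of the number of strings a brute-force guesser must cover, given this
    length and the character classes actually present. This is an upper bound on
    strength: a pass phrase built from common words falls to a word-level dictionary
    attack far sooner than the figure suggests, though still later than a 7-character
    acronym does."""
    classes = [
        (26, str.islower), (26, str.isupper), (10, str.isdigit),
        (33, lambda c: not c.isalnum()),  # printable ASCII symbols, space included
    ]
    alphabet = sum(size for size, present in classes if any(present(c) for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    sentence = "My son Aiden is three years old."  # the sample sentence from the steps above
    for label, value in [("pass phrase", sentence),
                         ("step 3 acronym", acronym(sentence)),
                         ("steps 3-5 password", derive_password(sentence))]:
        print(f"{label:20} {value!r:40} ~{search_space_bits(value):.0f} bits")
```

Run as a script, the output shows why step 2 comes before step 3: the 32-character sentence has a search space of roughly 205 bits against about 46 for the 7-character hardened acronym, and the mixed case and symbols added in steps 4 and 5 buy only about 13 bits over the plain lowercase "msaityo".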

Of course, this doesn't solve the pervasive problem of remembering all those passwords we now must enter to do anything, but there are a good number of password management programs that exist out there as well, to help the memory-deficient, such as myself.

Stay tuned!


Comments (15)

Howi :

Your comments about choosing a secure password are right on, but most security efforts are foiled by overzealous IT security brainiacs that make stupid rules like having to change passwords on some regular schedule. Unfortunately this only weakens the system, because the really secure password that you had created now has to be replaced by another, and most people will not make the repeated effort, so successive passwords become weaker. The only time a password needs to be changed is if there is any suggestion that it has been compromised; otherwise a secure password is a secure password. Managing too many passwords is a recipe for disaster, as most people will then write them down somewhere or even put them in an unsecured notebook file. Finally, don't you find it interesting that you will trust a password management utility, which you probably don't routinely change the password on and most likely protect with a weaker password anyway, to protect all of your other passwords!!

baruch :

Having more than 60 passwords to maintain and remember, I gave up my attempts to do it myself. Instead I use a program which both generates random passwords, remembers them for me and can even enter them in a log-in form. Examples are kee-pass (source forge) or i-vault (Comodo).

Kenneth H. Fleischer :

I prefer passwords made of intermixed upper-case (capital) letters, lower-case letters, and numerals, utterly random in nature, making no sense whatever. If one isn't skilled in doing this sort of thing, there are programs which do it, although no algorithm generates truly random sequences. If there is no sense in the sequence used, and its length is random, too, it is extremely difficult to "crack." It helps to have a password-protected (as minimum protection) list of one's passwords, and it ought not to be on the computer's hard drive, but, rather, on a removable medium, such as a low-capacity USB Flash drive. One ought never to use the same password on multiple Web sites or other places, unless it is a mere formality and no sensitive data is there.

John Ahearne :

Even the strongest passwords are useless, if people fall for social engineering tactics.

http://en.wikipedia.org/wiki/Social_engineering_(computer_security)

Benjamin T. :

Guilty as charged for some of these... but for my sensitive data I do use strong password/s, like my email address...

I have some written down and uploaded into a secure location. Every once in a while I forget a pass...

Google strong password checker rates my pass very strong :) I'm proud of that :P.

Anyway... thanks for the tips. I'll take some of Microsoft's suggestions into account next time I make a pass...

Michelle LaHue :

I have found a way to make endless passwords that I never have to worry about forgetting. I created two base passwords that I add additional characters to each time I need a new one. The bases are things that even someone who knows me wouldn't guess. I keep them in a locked safe in a code that only I and one other person knows. I then created a list of all my passwords by denoting which base I used and what I added to it like ( B1+123abc ). This allows me to carry my passwords and have them on my computers without any worry that someone else can use them and all I have to remember are the bases. Sometimes we get so complicated that we actually make more problems for ourselves. I find simple solutions are often better.

Alfred Mardeuse :

I have found that for my memory purposes using the first name of the site (i.e. "hp") plus a key phrase (which is the same for all) the best way to not use the same password for everything. It gives me the security I need. Granted if someone were to figure out my key phrase they would have access to all my accounts, except financial; which I password independently.

Dickson Mwendazake :

I strongly agree that the use and application of a strong, complicated password is an ideal and secure way of safeguarding information, data or even systems. But how do we deal with the normal user's attitude of using simple and easy-to-remember passwords?

Derek :

Most of the examples of 'weak' passwords are only weak if the hacker already knows a lot about you. A distant hacker attempting to bust my password from the other side of the world doesn't know that my place of birth was Liverpool, that my middle name is Dennis, that my birthday is March the twentieth or that my car is a green Ford Cortina, registration CWC549. - Oh bugger!

Lawrence D'Oliveiro :

Write It Down

As Bruce Schneier has pointed out, there's nothing wrong with writing down passwords per se, just so long as you look after the relevant pieces of paper. Put them in your wallet/purse with your credit cards, or some such secure place where you're already accustomed to taking care of the contents.

This way, there's no need to limit yourself to easily-remembered passwords. You can go wild with random alphanumeric combinations. Problem solved.

Ray Thompson :

The strength of the password needs to coincide with the data that is being protected. If a workstation is in a security group that is only allowed read-only access to the phone list, why demand a super strong password for the user?

Why have a super strong password for your home router when remote access is turned off, no wireless, and you have to have physical access to a system in the home to get access to the router? In a case like that it could be argued that having no password is acceptable.

For online banking and other such activities where sensitive information can be released, a strong password is good. But did you ever stop to think that your ATM card has a 4-character password that consists only of numbers? This is the key to your bank account. How many have changed this PIN to an easily remembered number?

Password security is good but keep the level of complexity in line with the level of protection needed.

JD Mason :

Data encryption is one of the final frontiers of networking and internet security. At the core of encryption are rock-solid passwords. The industry's two largest browser companies, Internet Explorer's Microsoft and Firefox's Mozilla, are big proponents of strong passwords and will help you create them.

Unfortunately for even the most talented password creator, most of the online web sites including banks and many ISP's do not support strong passwords.

When signing up to such a site and choosing a useful password, you find it rejected with a comment that reads something to the effect of "please select a password with a maximum of ten keystrokes consisting of lower case numbers and letters only."

RWM2 :

Interesting Suggestions but we the audience know these things.

How about portable biometrics, eye scans and thumbprint machines? No more online quizzes for everything you do.

I must say you waste your time telling us what we already know, but you do get paid.

-RWM2

I never change my passwords for about 7 years. There is never a problem. If they ask for 8-digit passwords, I add some to get to 8 digits.... If I have to change passwords, I would change part of it....

I hate to type passwords. Sometimes it needs 5-digit or -letter passwords, sometimes 6, sometimes 8..... Hard to remember so many passwords. But if you choose a simple password, you can easily lose something.
