Passwords should be like ugly winter Christmas socks, the length should be long, the design should be complex, & should never be used for more than one event.
Let us tackle each of these qualities separately.
1) Length
Two years ago, I would of told you that a password 8 to 10 characters long would suffice. In today's standards, that won't even get you in the doorway for password length requirements. Things have changed once the years of 8 character password. For one, computer processing is so much faster & more affordable. Attack methods have changed as well. It used to be John the Ripper would brute force an alpha numeric 8 character password would take days, now it just takes 5-10 minutes with the help of L0phtCrack & a nice rainbow table.
Passwords
"Th1sl0ng"should
"N0w b3 th!s l0ng & th1s c0mp13x!!!"... including spaces. So, an eight character password 5 years ago should now be the equivalent of a 34-character complex paraphrase.
2) Complexity
Speaking of complexity, passwords should not be just a word and some numbers before or after it nor should it contain any information I could Google or search Facebook about you. It should be a long phrase or even a sentence that has items you and only you could know & remember.
That means no pet names, no child's birth dates or years, & no high school mascots.
Example:
Th3 w@t3r b!ll f0r M4y 2012 w@s $121.01
3) Never Use The Same Password
You -
"All these rules & passwords I need to remember. You mean I can't use 'password123' for my Facebook, Gmail, Hotmail, Twitter, & Flicker account?!"
Me -
"No."In this instance, sharing is NOT caring. Why do you want to share your ugly Christmas socks with someone else? So why would you share the same password with other accounts?
You -
"So, how do you expect me to keep up with all my passwords because you KNOW I love me some interwebs?"I'm glad you asked, kinda.
I'd suggest an encrypted password manager like KeePass or LastPass. These password managers will allow you to store all your passwords, usernames, websites, & notes all in an encrypted database. All you have to do is remember one complex password to log into the application.
KeePass:
- Can be installed on Mac OSX, Windows, & Linux.
- You can setup passwords to expire forcing your to change passwords to various accounts on a regular basis.
- It can also generate complex passwords for you, all you have to do is copy and paste into the login form.
- Can be portable via USB flash drive.
LastPass:
- Has the same features of KeePass(See above).
- Online based so as long as you are near a computer or smartphone with an internet connection, you can access your passwords.
- Has browser plug-ins like Firefox and Chrome that can auto fill login forms with the touch of a keyboard combination.