The first part of this was written by someone who actually had his password hacked, and has since written this in order to benefit others.


Easy to Remember = Easy to Hack
Traditionally, we've all wanted to use passwords that we can easily remember, because we're afraid of forgetting them and being locked out. Unfortunately, in this day and age of cyber-thieves, we can't afford that convenience. A password is easy to remember if it follows a pattern or if it's made of real words and phrases. Both of these attributes make them very easy to crack by a computer. Pattern matching is one of the things that computers do best, and a Dictionary Search uses lists of known words to speed up the cracking process, so real words leave you open to hacking. Like it or not, you need to use a random password.

Re-using Passwords is Suicidal
These days you need passwords for just about everything you do online, and one can quickly feel overwhelmed by all those crazy character strings. There's a strong temptation to use a single password at multiple sites, just to keep things simple. Remember, simple for you means simple for a hacker. If just one password is compromised, every account that uses that password is compromised. That's an opening the size of the Holland Tunnel, and a hacker WILL go through it. Again, it's not convenient, but you must use a unique password for every single account you create.

Short, but Not So Sweet
Another error many folks make is to use short passwords. Again, this is more convenient for humans, but again it's more convenient for hackers as well. In my case, I used a password that was only 6 characters long. With just lower case letters, that allows about 309 million possible passwords. Seems like a lot, but it only took 'a few hours' for the hacker to guess it. If I'd used 8 characters instead, there would have been 209 billion possible passwords.. See what a difference just adding 2 characters makes?!!

Character Symbols - The More, The Merrier
Merrier for you, not the hackers... My THF password used only lower case letters. That means there were only 26 characters available. That played into the hacker's hands by cutting down on the number of possible variations. If I'd used a mixture of upper case and lower case letters, the character set doubles in size, and instead of 309 million variations, there would have been 19.8 billion variations, even with a password only 6 characters long. Clearly there's a benefit to using a larger character set. Add in all ten available numerals (0 throuh 9) and you add even more strength to your password.

To create a strong password that is easy for you to remember but hard for someone else to determine, try one of these techniques:

Merge two or more words, and combine the words with numbers and symbols. For example: Walk[My]Dog, Po#34tato, Champions=1995.
Abbreviate a phrase you'll remember. It could include numbers and symbols, or words that you can substitute with numbers or symbols. For example: I ride my bike 5 miles each Saturday could become the password Irmb5meS.
Use punctuation and numbers to combine the initials of people or objects from a familiar group, such as your favorite athletes, friends, movies, books, or historical figures. For example: Gandhi, Abraham Lincoln, and Joan of Arc could become the password 1G,2AL,JA.
Drop all vowels from a favorite saying, and then add numbers or symbols. For example: Walk three dogs could become the password Wlk3Dgs.
To be strong, a password must:

Contain at least seven, but no more than 16, characters.
Combine three of the four different types of characters:
Uppercase letters (for example: A, B, C).
Lowercase letters (for example: a, b, c).
Numerals (for example: 1, 2, 3).
Symbols (` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /).
Not be a common word or name, or a close variation.
Some service providers require that a strong password also:

Not be the same as any of your four previous passwords.
Not be a minor variation of your old password. For example, if your old password was Champions=1995, a new password of Champions=1996 would not be acceptable.
Important

Don't use one of the above examples as your password.
Don't write down your password.
Never give out your password in an instant message conversation or share it with anyone else. You should never be prompted for your password in an e-mail.
If you have more than one e-mail account, for instance, one for work and one for personal use, you should use a different password for each account.

Some good advice there Geoff, thanks for posting it!

Thanks for moving this for me Phil. I looked but just couldn`t see this folder. Must be getting old!