The Imperva Application Defense Center (ADC) in the US analysed 32 million passwords that a hacker had stolen from the website, in order to learn about users' password habits. They found that far too many people were using easily guessable passwords, and the same password for most or all of the sites they log into. The top password was 123456! Read their report: Consumer Password Worst Practices

Best practice in creating passwords includes the following:

  1. Choose at least 8 characters (30% of users chose passwords of six characters or fewer)
  2. The password should contain a mixture of numbers and both lower and upper case letters, as well as special characters such as ;!@^#%$&*, If the password contains only one letter or only one special character, that character shouldn’t be the first or last one in the password.
  3. Your password shouldn’t be a name, a slang word, or any word in the dictionary. It shouldn’t include any part of your own name, family names, address or email address.
  4. Bruce Schneier, writing in The Guardian, suggests creating a memorable password by taking a sentence and turning it into a password: something like “Fish is a nutritious meal for any night”, which gives you FISH=nm4an
  5. Use a different password for every site – even the ones where privacy isn’t an issue – so that one site’s breach doesn’t unlock your other accounts.
  6. Never trust a third party with your important passwords (webmail, bank, tax, etc.)
  7. If you can’t remember lots of passwords without writing them down, use a free program like KeePass or Password Safe, which are designed to store all your passwords securely
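To make the checklist concrete, here is a small policy checker that tests a candidate password against rules 1 to 3 above (length, character mix, lone character at either end, dictionary words and personal details). It is an added example written for this page, not code from the original post, from Imperva or from Bruce Schneier; the word list and the personal details it uses are constructed sample values standing in for a real dictionary and a real user's data. Rules 5 to 7 are about how you use passwords rather than what they contain, so no checker can enforce them.

```python
"""Password-policy checker for rules 1-3 of the list above.

Added example, not from the Imperva report or the original post.
Assumptions: DICTIONARY is a tiny constructed stand-in for a real word and
slang list, and PERSONAL holds constructed sample details for one user.
"""
import re
import string

# Constructed stand-in for a real dictionary / slang list (assumption).
DICTIONARY = {"password", "fish", "dragon", "monkey", "letmein", "welcome"}

# Constructed personal details used for the "no part of your own name,
# family names, address or email address" rule (assumption).
PERSONAL = {
    "name": "Alice Example",
    "email": "alice@example.org",
    "family": ["Bob", "Carol"],
    "address": "12 High Street",
}


def personal_fragments(details, min_len=3):
    """Break name, family names, address and e-mail into lowercase fragments."""
    parts = []
    parts += details["name"].split()
    parts += details["family"]
    parts += details["address"].split()
    parts += re.split(r"[@.]", details["email"])
    # Drop very short pieces and pure numbers (house numbers) to avoid
    # flagging every password that happens to contain "12".
    return {p.lower() for p in parts if len(p) >= min_len and not p.isdigit()}


def check_password(pw, details=PERSONAL, dictionary=DICTIONARY):
    """Return the list of violated rules; an empty list means the password passes."""
    if not pw:
        return ["empty password"]
    problems = []
    lower = pw.lower()

    # Rule 1: at least 8 characters.
    if len(pw) < 8:
        problems.append("shorter than 8 characters")

    # Rule 2: digits, lower case, upper case and special characters all present.
    classes = {
        "digit": [c for c in pw if c.isdigit()],
        "lower": [c for c in pw if c.islower()],
        "upper": [c for c in pw if c.isupper()],
        "special": [c for c in pw if c in string.punctuation],
    }
    missing = [name for name, chars in classes.items() if not chars]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))

    # Rule 2, second half: if there is only one letter or only one special
    # character, it must not be the first or last character of the password.
    letters = [c for c in pw if c.isalpha()]
    for name, chars in (("letter", letters), ("special character", classes["special"])):
        if len(chars) == 1 and chars[0] in (pw[0], pw[-1]):
            problems.append(f"the only {name} is at the start or end")

    # Rule 3: not a dictionary word, even once digits and punctuation are
    # stripped ("fish123!" is still "fish"), and no personal details.
    stripped = re.sub(r"[^a-z]", "", lower)
    if lower in dictionary or stripped in dictionary:
        problems.append("dictionary word")
    for frag in sorted(personal_fragments(details)):
        if frag in lower:
            problems.append(f"contains personal detail '{frag}'")

    return problems


def passes(pw, **kwargs):
    """True when check_password reports no problems."""
    return not check_password(pw, **kwargs)


if __name__ == "__main__":
    # Constructed sample candidates, including the report's top password.
    for candidate in ("123456", "fish123!", "Alice2024!", "1234567a", "FISH=nm4an"):
        verdict = check_password(candidate)
        print(f"{candidate!r:14} -> {'OK' if not verdict else '; '.join(verdict)}")
```

Running the block prints one line per sample candidate: "123456" fails on length and on missing character classes, "fish123!" is caught as a dictionary word once its digits and punctuation are stripped, "Alice2024!" is rejected both for containing the user's first name and because its only special character sits at the end, "1234567a" has its lone letter at the end, and the Schneier-style FISH=nm4an passes every content rule.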