What constitutes a good password and why it is important to have one
Quite simply, your password is the key to your IT castle. The walls you carefully build around your business data are of little value if the front door lock is easily picked. The idea that passwords should be long and complex is one of the IT industry's sacred cows, and yet many users stubbornly stick to passwords such as 12345, Password1 or Jimmy1970, which often take less time to crack than to type.
What is a bad password?
What is a good password?
- Use abbreviations combined with uppercase, lowercase, numbers and punctuation. The password should be at least 8 characters and never include any aspect of your username or company name. A good example of this might be JgtS@0805em! The question of how to remember this is answered by the phrase it abbreviates: JonnygoestoSchoolat08:05everymorning!
- Combine several unusual and unrelated words together. Avoid meaningful phrases or quotations though. Something along the lines of VolcanoKettleBoots is a good choice too.
Both of these passwords (as illustrations only of course) would give most password hacking tools a challenge.
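Both patterns can be checked automatically when a password is set. The following Python is an added example, not part of the original article; the function name, the 3-character fragment threshold and the rule that three or more capitalised words totalling 16 or more characters count as the second pattern are assumptions made here.

```python
import re
import string

# Weak passwords quoted in the article; a real check would use a large breached-password list.
KNOWN_WEAK = {"12345", "password1", "jimmy1970"}

def check_password(password, username="", company=""):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if lowered in KNOWN_WEAK:
        problems.append("known weak password")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Reject any 3+ character fragment of the username or company name (threshold is an assumption).
    for label, value in (("username", username), ("company name", company)):
        for part in re.split(r"[^a-z0-9]+", value.lower()):
            if len(part) >= 3 and part in lowered:
                problems.append(f"contains part of {label}: {part}")
    # Second pattern: several words joined together (assumed: 3+ capitalised words, 16+ characters).
    words = re.findall(r"[A-Z][a-z]{2,}", password)
    if len(words) >= 3 and len(password) >= 16:
        return problems
    # First pattern: all four character classes must be present.
    classes = {
        "uppercase": str.isupper,
        "lowercase": str.islower,
        "number": str.isdigit,
        "punctuation": lambda c: c in string.punctuation,
    }
    missing = [name for name, test in classes.items() if not any(map(test, password))]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    return problems

if __name__ == "__main__":
    # Constructed account details; the passwords are the article's own illustrations.
    for pw in ("12345", "Password1", "Jimmy1970", "JgtS@0805em!", "VolcanoKettleBoots"):
        print(pw, "->", check_password(pw, username="jimmy", company="Acme Ltd") or "OK")
```

The word-pattern branch cannot tell whether the words are unrelated or form a quotation, so that part of the advice still needs human judgement.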
Should I use a completely different password for each site or service?
Are password managers a good idea?
[EDIT] On the 1st June 2017, it was reported that OneLogin saw a breach of data in its US data centre. See here for more information: http://www.bbc.co.uk/news/technology-40118699
These can be a good idea and address the most common concern: "how am I expected to remember all these passwords?" Of course, as the repository for all the passwords to your company data and sites, a password manager is analogous to keeping all your eggs in one basket, and these services are frequently the target of considerable interest from hackers for obvious reasons, but as with most things in life it is a balance of risk.
In 2015 LastPass, one of the largest providers, was partially breached, but claims that none of its 7 million user accounts were compromised. Set that possibility, however, against the hazard of using the same or similar weak password over multiple sites and the password manager still looks an attractive option, although we suggest you avail yourself of two-factor authentication alongside a strong master password when using any such service.