Out-Law News

How to choose (and remember) your passwords


Too many of us choose passwords that are easy to remember: our own names, our birthdays or the names of our pets. Experts advise using long passwords that cannot be guessed, and changing them monthly where they protect very confidential information.

"Passwords that are easy for you to remember are usually also easy for others to guess. Using passwords that are easy to figure out – and, worse, using the same password over and over again – it's like leaving a master key to all of your locks under your doormat or on the front right tire of your car," says President and CEO of US recruitment site MedZilla.com, Frank Heasley.

There are many forms of authentication, including passwords, PINs, two-factor authentication (requiring two forms of proof for access), biometrics and user cards.

"In general, the password as an authentication form is the most widely used by far, but it's not the strongest form," adds Mark Ford of professional services firm Deloitte & Touche. "It's a must to use some sort of authentication if you have any expectation of confidentiality or privacy."

Gary Morse, president of Razorpoint Security Technologies, has more than 20 years' experience in network and internet security. Companies pay him to identify and fix security vulnerabilities.

Morse advises clients that they should not use words or names as passwords; rather, they should use mixes of upper and lower case characters, numbers and symbols to safeguard their information.

That does not mean you should use your name and birth date, or other obvious combinations of numbers and characters. Never use personally identifiable information. Instead, be creative, so that even your best friend, husband, wife or mother would have trouble figuring out what the password means.

The longer the password, the more difficult it is to break. Deloitte's Ford suggests starting with an eight or nine-character word or phrase and randomly adding numbers or symbols to it.

Changing the password is always a good practice. According to Ford: "We recommend the shorter duration, the better. But it has to be practical. Typically if it's very confidential information, people should change them once every 30 days."

Use a different password for every location. Michele Groutage, MedZilla.com's director of marketing and development, says that by using a different password for each site you visit, you keep any damage from hackers to a minimum. "By diligently changing passwords from site to site, you protect yourself," according to Groutage.

While some people recommend writing passwords down and keeping them in a secret place, Ford says it is best practice not to write down any of your passwords, and never to divulge them. Instead, use memory techniques to remember all those different numbers, characters, symbols and sites.

He suggests using acronyms of words and phrases and using two of these acronyms for one password. In between the acronyms, add a shift character. "That can be a fairly complicated password - over eight or nine characters long - and fairly easy to remember," Ford says.

To encourage users to use a different password each time, Morse suggests using the same basic code for all your passwords but changing the last three, first three or middle characters. You can even add letters that relate somehow to the site. For example, the password MBISledd4 might also include "zilla" if it is your password on the MedZilla site.
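A small checker for the guidelines given above (minimum length, a mix of upper and lower case, digits and symbols, no personal details, and a distinct password for every site). This is an added example, not code from the article or from any of the firms quoted; the personal details and site passwords it is run against are constructed for illustration.

```python
import re
import string


def password_issues(password, personal_info=(), min_length=9):
    """Return the guideline violations found in `password`.

    An empty list means the password satisfies every check: it is at least
    `min_length` characters (the article suggests eight or nine as a start),
    mixes upper case, lower case, digits and symbols, and contains none of
    the caller's personal details (names, birthdays, pet names, ...).
    """
    issues = []
    if len(password) < min_length:
        issues.append(f"shorter than {min_length} characters")
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        issues.append("missing " + ", ".join(missing))
    lowered = password.lower()
    for item in personal_info:
        # Reduce each detail to letters and digits, the way a guesser would
        # try it (so "1970-04-12" is matched as "19700412").
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in lowered:
            issues.append(f"contains personal information ({item!r})")
    return issues


def reused_across_sites(site_passwords):
    """Return (earlier_site, later_site) pairs that share the same password."""
    first_seen = {}
    duplicates = []
    for site, password in site_passwords.items():
        if password in first_seen:
            duplicates.append((first_seen[password], site))
        else:
            first_seen[password] = site
    return duplicates


if __name__ == "__main__":
    # Constructed personal details for a hypothetical user.
    details = ["Frank", "1970-04-12", "Rex"]
    for candidate in ["MBISledd4", "Frank1970!", "kLm#7pQ!w2"]:
        print(candidate, "->", password_issues(candidate, details) or "ok")
    print(reused_across_sites({"bank": "kLm#7pQ!w2", "mail": "kLm#7pQ!w2"}))
```

Run as a script it reports that the article's own sample MBISledd4 lacks a symbol, that Frank1970! embeds the user's name, and that the bank and mail accounts share a password.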
