Password Security

Blogged in geek stuff, security by Ben on Monday, May 8, 2006

Stolen from Johannes Ullrich at http://isc.sans.org/diary.php?storyid=1318 because I think his information is usually spot on and a good way to deal with the ever-increasing complexity of online passwords and accounts. Simply categorize your accounts by the risk of disclosure, and try to make them fit in one of the categories below.


“Password security. I usually recommend a 2+n password approach:
* use 1 password for “throwaway” registrations. This password should be used for sites that require you to register, but they don’t store any sensitive information (e.g. some newspapers that require you to register).
* use a second password for sites that you visit infrequently, and that don’t store any personal information, but where impersonation may be a problem. For example, think about bulletin boards. Someone may be able to post insults in your name if your password is lost. The same password may also work for e-commerce sites that do not store your credit card number (it’s a bad idea to let them store it anyway). But this is a question of personal preference. How much do you care if someone can see your amazon.com orders (and the addresses that go with them)?
* The ‘n’ is for all other sites. These sites require specific, hard to guess passwords. Examples are online banking sites, or e-commerce sites with personal information which you want to protect very well.

For personal/home use, I do recommend stronger passwords, and write them down. Yes, you may use a Post-it and tape it below your keyboard. It all depends on what you consider a threat. In my opinion: If someone breaks into my house and steals the computer (or has access to it for some time), lost passwords are not a huge issue and can be reset.”
