John P. posts an interesting article, "How I’d Hack Your Weak Passwords", in which he describes the routes a hacker would take to crack your passwords, including, for example:
- Easily guessable passwords. Using "Cassie123" as your password? Bad idea!
- Brute force attack. How long would it take an average computer to crack a five-letter, lowercase-only password?
- Cracking a less secure site, then hoping you use the same password for more important sites
- Cracking your email password, then looking for password reminders from more important sites
For what it's worth, here's a quick way to create a reasonably secure password:
- Take a phrase that you can easily remember. I'm going to go with "Snape kills Dumbledore".
- Alter it slightly to make it less guessable. This one's a little short, so I'll extend it to "Oh noes! Snape kills Dumbledore!"
- Take initial letters for words or syllables. Take what seems sensible to you: "onsnkdbd"
- Mix it up a bit with capitals, numbers, and/or punctuation. More character types means better security. "0n!Sn8kDbd!"
- Practice typing it a bit to see how it flows, and change it a bit if it trips you up too much. On second thoughts, I don't like that 8, and the final ! is awkward. I'll change it to "0n!SnpkDbd;"
Microsoft suggests a similar technique, and provides a handy online password strength checker. It thinks the above password is "strong" (not "best", though, which it reserves for passwords at least 14 characters long... slightly overkill maybe?)
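To put some numbers behind the brute-force question above and the "strong" verdict on the final password, here is a small Python script I've added as an example; it is not from the original post, the linked article, or Microsoft's checker. It uses the textbook class-based estimate (alphabet size raised to the password length), an assumed rate of one million guesses per second, and a tiny constructed word list standing in for the dictionaries a cracker really uses. The dictionary check is there because the class estimate alone rates "Cassie123" far higher than it deserves.

```python
import math
import string

# Character classes for a simple class-based keyspace estimate. This is a
# textbook approximation assumed for the example, not the algorithm of the
# online checker mentioned in the post.
CHARACTER_CLASSES = (
    ("lowercase", frozenset(string.ascii_lowercase)),    # 26
    ("uppercase", frozenset(string.ascii_uppercase)),    # 26
    ("digits", frozenset(string.digits)),                # 10
    ("punctuation", frozenset(string.punctuation)),      # 32
)

# Constructed word list for the example; a real cracking dictionary holds
# millions of entries.
CONSTRUCTED_WORDLIST = frozenset({"cassie", "password", "dumbledore", "snape"})


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CHARACTER_CLASSES
            if any(c in chars for c in password)]


def alphabet_size(password):
    """Size of the alphabet an attacker must cover to enumerate every
    password built from the same character classes as this one."""
    return sum(len(chars) for name, chars in CHARACTER_CLASSES
               if any(c in chars for c in password))


def keyspace(password):
    """Number of candidates of this length over that alphabet (worst case)."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password):
    """log2 of the keyspace: the usual 'bits of strength' figure."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def brute_force_seconds(password, guesses_per_second):
    """Time to exhaust the keyspace at the given (assumed) guessing rate."""
    return keyspace(password) / guesses_per_second


def looks_guessable(password, wordlist=CONSTRUCTED_WORDLIST):
    """Flag the 'word plus digits' pattern from the post ("Cassie123").
    Strips trailing digits and punctuation, lower-cases the stem, and looks
    it up in the word list. The class-based estimate alone misses this."""
    stem = password.rstrip(string.digits + string.punctuation).lower()
    return stem in wordlist


if __name__ == "__main__":
    RATE = 1_000_000  # assumed guesses per second; real rates depend on the hash
    for pw in ("abcde", "Cassie123", "0n!SnpkDbd;"):
        print(f"{pw!r}: classes={classes_used(pw)} alphabet={alphabet_size(pw)} "
              f"bits={entropy_bits(pw):.1f} "
              f"worst-case={brute_force_seconds(pw, RATE):.3g}s "
              f"dictionary-like={looks_guessable(pw)}")
```

At a million guesses per second a five-letter lowercase password (26^5, about 11.9 million candidates) falls in about twelve seconds, while "0n!SnpkDbd;" draws on all four classes (94 symbols, eleven characters). The script also shows why length and mixed classes are not the whole story: "Cassie123" scores over 50 bits on the class estimate but is caught immediately by the word-plus-digits check.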