How careful are you with creating strong passwords?

[Daniel]

I have done a lot of admining for my clients and I was appalled to see how badly they choose their passwords. Yes, 12345 and password are not just a joke, many actually put lousy passwords to their accounts (and some accounts are actually very important)

So, do you have password as password or put some work into making a complex one? :D

 

[Buddah]

The depends on what you consider complex. As someone who is very interested in password security, traditional complex password schemes are joke. I've given up on most.

"Your password must be at least eight characters, contain at least 1 number, 1 non-alphanumeric character, and 1 letter, and it cannot be the same as your username."

Password1!
P@ssword1


I currently have a massive database of existing, unique logins from various sites. With nearly 1 million users, it's a good example of the creativity, or lack there of, of users. 10% of passwords are common words. 3% are common foreign words(non-English). 5% are common words proceeded by a number, two numbers(usually the year of birth or registration -- e.g. 13), or common 3 number sequences like 420, 666, 999, 111, 000. 8% are pure numbers --07081988.

My answer:

Complex passwords have little to do with your own security, really. Password uniqueness does, though. If you use the same password on several sites, you're likely to get taken advantage of when one site is hacked. With the web's heavy reliance on a fast hashing method like MD5, no password is complex enough in my opinion.

For important sites, I use at least a 15 character pass phrase that is oddly formed.

 

[Suhel]

Number, caps and letters and write the passwords in a notebook

 

[ShadowBlaze]

I use password with random characters; numbers, letters and special character. I don't use passwords less than 15 characters on forums, websites, etc and no less than 25 on banking websites. Also I do not use the same password twice on a website.