I know that this subject has been beaten to death, but it is still a good question. People do not really know how easy it is for black hat hackers to determine your password using techniques like brute force attacks and rainbow hash tables. I know, look it up; I had to the first time I heard about this technique.

I hope that you are not one of the millions of people using easy-to-guess passwords like the top 25 most popular, and therefore worst, passwords of 2011, which according to http://www.splashdata.com are:

1. password
2. 123456
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passwOrd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

NASA came up with a recommendation list for creating passwords to protect its rocket science. Their guidelines are:

  • It should contain at least eight characters
  • It should contain a mix of four different types of characters – upper case letters, lower case letters, numbers, and special characters such as “!@#$%^&*,;”. If there is only one letter or special character, it should not be either the first or last character in the password.
  • It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address.

The problem with complicated passwords is that people cannot remember them.

A great way to fix that problem is to turn a sentence or phrase into a password that you can remember. For example, an attorney could use something like “I litigate all day!”, which would turn into something like Ilitig8Ad!. This uses no dictionary words and uses upper/lowercase letters and numbers/symbols. It does put the special character at the end, but it is better than the 25 options above.
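The NASA guidelines and the worst-passwords list above can be turned into a small checker; this is an added example, not part of the original post. The function name `check_password`, treating "special character" as ASCII punctuation, the three-character threshold for name/e-mail fragments, and the caller-supplied word list are assumptions.

```python
import re
import string

# Entries from the worst-passwords list above, as printed on this page.
WORST = set("""password 123456 qwerty abc123 monkey 1234567 letmein trustno1
dragon baseball 111111 iloveyou master sunshine ashley bailey passwOrd shadow
123123 654321 superman qazwsx michael football""".lower().split())

def check_password(pw, name="", email="", words=frozenset()):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("fewer than eight characters")

    letters = [c for c in pw if c.isalpha()]
    # Assumption: "special character" means ASCII punctuation.
    specials = [c for c in pw if c in string.punctuation]
    kinds = {
        "upper case letter": any(c.isupper() for c in pw),
        "lower case letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special character": bool(specials),
    }
    problems += [f"no {kind}" for kind, present in kinds.items() if not present]

    # A lone letter or lone special character must not sit at either end.
    for label, group in (("letter", letters), ("special character", specials)):
        if len(group) == 1 and group[0] in (pw[0], pw[-1]):
            problems.append(f"only {label} is the first or last character")

    lowered = pw.lower()
    if lowered in WORST or lowered in words:
        problems.append("is a common password or dictionary word")

    # Assumption: "any part" of a name or e-mail means a run of 3+ letters or
    # digits; only the part of the e-mail address before the @ is considered.
    personal = f"{name} {email.split('@')[0]}".lower()
    for part in sorted(set(re.findall(r"[a-z0-9]{3,}", personal))):
        if part in lowered:
            problems.append(f"contains '{part}' from your name or e-mail")
    return problems
```

Run against the post's own example, `Ilitig8Ad!` is reported only for the trailing "!", and moving that character inward (`Ilitig8!Ad`) clears every check.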

Using these tips, you won’t have your email hacked like two business acquaintances did just this past week.