This MarketWatch article shares many best practices for password protection.
QUOTE: Don’t believe proclamations that the password is dead. Even with increasingly sophisticated software programs able to rapidly burn through an endless array of possible character combinations, the password is not only alive, but as important as ever. “Passwords are the bane of our existence, but they’re here to stay,” says Hilary Schneider, president of LifeLock, an identity-theft protection company.
Think of the password as a mouse trap. As simplistic as it seems, there’s nothing out there more effective and straightforward for accessing sites like your bank and favorite retailer. “A better system can be developed but it needs to be easy to use before it can have the widespread adoption to abolish the use of the password,” says Cameron Camp, a security researcher for ESET, an antivirus and Internet security provider. “If it’s not convenient, you won’t transact with the bank as much and the bank loses revenue.”
We’ve been told time and again how important it is to have tricky, unique passwords that are known to no one but ourselves. We should make them long and add numbers and symbols to fool the fraudsters combing the Internet for access to our records. And we should always, always have different passwords for each site. But apparently, we’re not listening very well. The annual compilations of “worst passwords ever” are numerous but remarkably similar in their results. Moreover, the top 25 or so passwords are held by an alarmingly large number of people.