Asking people to create and use decent passwords can be like pulling teeth.
Yeah, they know somebody could steal their banking information, get credit cards in their name and rack up bills, perhaps even perform truly nefarious deeds in the name of somebody whose password proved easy to hack.
Maybe finding out just how hackers get people’s passwords – scratch that, how people themselves give away their own passwords – could help prevent a fraud or two.
“A database breach last year at RockYou, which creates apps and games for social networking sites, illustrates just how weak passwords can be. Attackers (stole) 32 million passwords that were stored in clear text (emphasis mine) and then posted them to the Internet. This large data set gave us unprecedented insight into the passwords that users select and allowed security researchers to calculate the most common ones…”
This quote came from this Information Week article on how people might give passwords away. The article ends by advising people to follow “basic password creation and management guidelines,” then lists some of those guidelines.
If nothing else, read the second page of this article for said guidelines – and follow them.
Update: this article is gone from the site. Makes me wish I had paraphrased the tips I mentioned.