Wednesday, January 19, 2011

User account security primer.

I've read a few articles about what constitutes good password security. I know the first question I'll receive is "how do you define good?" Well, that can be subjective; however, here is my opinion on what constitutes a good password:

  1. Never, ever use a plain dictionary word. ex: cinema
  2. Always use numbers, letters (upper AND lower case) and special characters ($, #, @, etc.)
  3. Use eight to 16 characters per password.
  4. Try to come up with a phrase that you are likely to remember, then take the first letter of each word to form an acronym. ex: The rain in Spain falls mainly on the plain = trisfmotp
     Then modify the newly formed word using rule #2. ex: Tr1$fM0tp39
  5. Change passwords frequently (again, this is subjective).
  6. Never re-use a password between sites that contain important information.
     • You should have one password for your email account and not re-use it on any other site.
     • You can have one password for social networking sites.
     • You can have one password for banking sites.
     • You can have one password for sites that contain your credit card information.
     • You can have one password to use on unimportant sites (news sites, etc.)

Now, I expect a security-savvy person to point out that re-using any password is not a good idea; however, expecting people to have a password per site is not practical. If you make it too difficult, people simply won't follow it. So, I tried to come up with a password methodology that is secure and easy to follow. Btw, I adhere to it myself.

Once you've selected a password, I suggest you test its strength to get an idea of how strong it is.
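Here is an added example (not code from the original post) that turns rules 1 through 4 and the "test its strength" suggestion into a small checker. It builds the acronym from a memorable phrase, reports which of rules 1 to 3 a candidate password breaks, and gives a crude brute-force strength estimate of log2(alphabet size) times length. The dictionary is a constructed stand-in of a handful of words; a real check would load a large wordlist instead. Everything else (the `SPECIALS` set and the function names) is an assumption of this example.

```python
import math
import re
import string

# Constructed stand-in for a dictionary wordlist. A real check would load
# something like /usr/share/dict/words or a leaked-password list.
DICTIONARY = {"cinema", "password", "welcome", "dragon", "monkey", "spain"}

# Assumed set of "special characters" for rule 2 (32 printable ASCII symbols).
SPECIALS = set("$#@!%^&*()-_=+[]{};:,.<>?/\\|~`'\"")


def acronym_from_phrase(phrase: str) -> str:
    """Rule 4, first half: first letter of each word of a memorable phrase."""
    words = re.findall(r"[A-Za-z]+", phrase)
    return "".join(word[0] for word in words).lower()


def character_classes(password: str) -> dict:
    """Which of the four rule-2 character classes the password actually uses."""
    return {
        "lower": any(c in string.ascii_lowercase for c in password),
        "upper": any(c in string.ascii_uppercase for c in password),
        "digit": any(c in string.digits for c in password),
        "special": any(c in SPECIALS for c in password),
    }


def estimated_bits(password: str) -> float:
    """Crude strength estimate: log2(alphabet ** length), where the alphabet is
    the union of the character classes present. A brute-force attacker who
    knows which classes were used must try that whole alphabet."""
    classes = character_classes(password)
    alphabet = 0
    if classes["lower"]:
        alphabet += len(string.ascii_lowercase)
    if classes["upper"]:
        alphabet += len(string.ascii_uppercase)
    if classes["digit"]:
        alphabet += len(string.digits)
    if classes["special"]:
        alphabet += len(SPECIALS)
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def check_password(password: str) -> list:
    """Return the rule violations for rules 1 to 3; an empty list means it passes."""
    problems = []
    if password.lower() in DICTIONARY:
        problems.append("rule 1: plain dictionary word")
    missing = [name for name, present in character_classes(password).items() if not present]
    if missing:
        problems.append("rule 2: missing " + ", ".join(missing))
    if not 8 <= len(password) <= 16:
        problems.append("rule 3: length %d not in 8..16" % len(password))
    return problems


if __name__ == "__main__":
    phrase = "The rain in Spain falls mainly on the plain"
    base = acronym_from_phrase(phrase)          # trisfmotp
    for candidate in ("cinema", base, "Tr1$fM0tp39"):
        print("%-12s %5.1f bits  %s" % (candidate, estimated_bits(candidate),
                                        check_password(candidate) or "ok"))
```

Running it shows why rule 2 matters: the bare acronym and the rule-2 version are almost the same length, but mixing in upper case, digits and symbols roughly doubles the per-character alphabet the attacker has to search, which shows up directly in the bit estimate. The dictionary check is deliberately a plain membership test, so it only catches a password that is exactly a listed word; a stricter checker would also reject simple variants (appended digits, leetspeak substitutions).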

One tool I use to make keeping up with my passwords easier is KeePass. It's a password database that utilizes military-grade encryption algorithms (AES and Twofish) to secure the information.

Keep in mind that just like physical security (locks, alarms, etc.), no electronic security is totally secure or fool-proof. However, exercising good judgment can thwart most criminals.
