This is going to be unpleasant, so I'm going to start by offering you this light-hearted video from the musical Music Man to help take the edge off it.
OK. Feeling good? Because I just read Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”, and it's a little depressing. We all have to deal with passwords, lots and lots of passwords. We know the rules, which seem to change all the time, and we really don't care about them. Making up passwords is not a skill I ever wanted to attain.
It is truly alarming how easy it is to break a password, especially by harnessing the raw computing power of graphics accelerator chips. Simple passwords are just ridiculously easy to crack with computing equipment available to anyone. Today, passwords need to be long and complex—which makes them virtually impossible to remember. Is this going to get any better? With so much of our lives bound up in technology that is only thinly protected by a password, it would seem that this would be more urgent.
Of course, the best sorts of security involve things that can't be guessed or duplicated easily, like a biometric. Of course, there are serious privacy concerns about having a biometric attached to everything that you do. I still like the idea of using some sort of public-key encryption with the biometric as my password. The end points only get your key, which you control, while the biometric becomes the password you never have to remember. Technically this sort of technology exists now, but it's just not put into practice.
Me, I'd be fine with a world filled with encryption, but I find that most people don't want to play. Tools are freely available, but most of the people I know don't really care if our information isn't truly private.
So, no real wisdom I can offer here. Passwords are not a great way to protect things. If you have a short, simple password then you are an easy target to anyone who gets hold of the system's password files, which seems highly likely today. I have really tried to ramp up my password game, using long, complicated passwords. Of course, those are things that I can't memorize so I have to use a password manager, which creates a level of vulnerability... but I figure I can do a better job of protecting my information than some company somewhere. Of course, they thought that they were doing a great job too, I'm sure, until they found themselves in the news.
Yes, sirree. We got Trouble!