In the past I've never really paid much attention to security issues when it comes to user names and passwords. Frankly I figured it was all a lot of overblown hype. This led to an unfortunate incident that involved my website being attacked, apparently by a skillful youth with a propensity for mischief.
The main security flaw with my website was probably the simple fact that the username and password were exactly the same. Granted I did realize that this wasn't highly intelligent but I didn't have the power to change it myself, and I didn't think it really mattered enough to bother about it. Having an identical username and password is a massive "no-no" in computer security. Your username and password should not even be related along the same line of thought. A username of "Dragon" and a password of "Fire" is not a secure combination.
For maximum security, passwords should not be cohesive words or phrases and should not be too obviously related to something like your birthday or the birthday of someone close to you. Personal information is one of the first things used when people attempt to break passwords. Having a password of "Password" is indeed humorous and ironic but it is not in the least bit secure.
A "brute force" password hacking technique involves using certain rules and guidelines to take a guess at possible passwords and generally works through a dictionary of sorts, trying combinations of possible words and common characters. Your best bet at creating a secure password is to pick a random collection of letters, numbers, and symbols, including varying case changes (in a password the letter "a" is not the same as the letter "A", so alternating at random between upper and lower case will increase the difficulty encountered in cracking your password). Selecting a sequence of characters on the keyboard (such as "asdf" or, worse, "1234") definitely does not create a secure, random password.
Having symbols in your password is an easy way to greatly increase security. These are the special characters accessed by holding the "Shift" key and pressing one of the numbers at the top of the keyboard. If you want to truly expand your arsenal of special characters, try holding down the "alt" key and pressing a combination of numbers on the num pad (the rectangular collection of numbers on the right hand side of most keyboards) then release "alt". For example, holding "alt" and pressing numbers, 1 then 6 then 8 and releasing "alt" will give the character "?". Most combinations of 3 numbers will enter a different symbol into your password. This may make it a little harder to enter your password but it makes it a lot harder for anyone else to crack it.
To make passwords easier to remember you can use something original, like the name of your favorite character in a book (personal information that other people won't know). Then add some numbers to it, perhaps use the "Leet speak" (check http://en.wikipedia.org/wiki/Leet for exact definition) method of changing letters to numbers and generally mix things up so that to you it seems coherent and memorable but to an automated pattern recognizer it seems random. For example, "jAm35_5m1Th?" ("James Smith") is actually surprisingly secure. In this case the password's meaning is obvious to a human reader but it will take a lot of work for them to divine the password without prior knowledge (unless you've used your name or a close relative/friend's name which, as we've already discussed, is not a good idea).
For additional security you should not use the one user name and password for every account that you have. If you do and someone manages to get hold of your details for one site they pretty much have the run of your digital life. It is not particularly vital to have perfect passwords for less important accounts (e.g. web based email from Hotmail, forums you visit etc.). These sites can quite happily be accessed using the same password. However, bank accounts, work email etc. should be made as secure as possible.
Hopefully a few of these tips will assist you in making your online activities more secure. Keep these guidelines in mind, change your password on a semi regular basis, and with any luck you'll be able to avoid the hacking menace that befell me.
M6.Net Web Helpers