On Fri, Sep 9, 2011 at 6:12 PM, Jacob <ja...@excaliburfilms.com> wrote:
> 1. Mix up the password with uppercase, lowercase, numbers and special
> characters.

It is arguably more effective to use a longer password with a simpler scheme than a shorter password with a complicated scheme. They yield equivalent keyspace sizes, but the simpler scheme is easier for humans to remember, and for various reasons, shorter passwords are often tried first in a brute-force or similar attack.

> 2. Change all your passwords every 3 months ...

What's the justification for changing it every 3 months? That is, what's the attack scenario you're countering? I can't think of many scenarios where such a short time frame justifies the cost (assuming one has a good password to begin with).

> 4. Do not write down your password ...

Writing down a password *in a secure location* is a *much* better choice than using a weak(er) password. A sticky note on your monitor, bulletin board, or under your keyboard is definitely not a secure location. A card in your wallet or purse is probably not a secure location. But a list locked in a fire safe prolly counts for most personal usage. Or an electronic password manager, if you can trust the system (most lay people, I would advise against it).

Agreed otherwise, especially the parts about phishing. I always forget to mention that if I'm not working from notes.

-- Ben
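The keyspace comparison made in the reply above, worked through as an added example that is not part of the original message. The alphabet sizes (26 lowercase letters, 95 printable ASCII characters), the 8-character starting length, and the assumption that an exhaustive search enumerates lengths in ascending order over the password's own alphabet are all chosen here for illustration.

```python
import math

# Assumed alphabet sizes (not from the message): 26 lowercase letters for the
# "simpler scheme", 95 printable ASCII characters for the "complicated scheme".
LOWER, PRINTABLE = 26, 95

def keyspace_bits(alphabet: int, length: int) -> float:
    """log2 of the number of passwords of exactly `length` symbols."""
    return length * math.log2(alphabet)

def equivalent_length(simple: int, complex_: int, complex_len: int) -> int:
    """Shortest length over the simple alphabet whose keyspace is at least
    as large as complex_ ** complex_len (exact integer arithmetic)."""
    target = complex_ ** complex_len
    n = 1
    while simple ** n < target:
        n += 1
    return n

def guesses_before_length(alphabet: int, length: int) -> int:
    """Candidates an exhaustive search has already tried when it reaches
    `length`, assuming it enumerates lengths in ascending order."""
    return sum(alphabet ** k for k in range(1, length))

def compare(complex_len: int = 8) -> dict:
    """Compare a complex password of complex_len with its simple equivalent."""
    simple_len = equivalent_length(LOWER, PRINTABLE, complex_len)
    return {
        "complex_bits": round(keyspace_bits(PRINTABLE, complex_len), 1),
        "simple_len": simple_len,
        "simple_bits": round(keyspace_bits(LOWER, simple_len), 1),
        # Work spent on shorter lengths before each password's length is tried
        "complex_head_start": guesses_before_length(PRINTABLE, complex_len),
        "simple_head_start": guesses_before_length(LOWER, simple_len),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Under these assumptions, a 12-character lowercase password matches or exceeds the keyspace of an 8-character password drawn from all printable ASCII, and a length-ascending search has to exhaust far more shorter candidates before it reaches the longer one.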