What is a good password? Before responding, think about it for a second...
What does a good password mean to you? How would you choose a “good password”?
Let’s try a simple password quiz. Out of those passwords, which ones do you think are good?
Based on common knowledge and what we hear online, most people would say that the passwords #1 and #3 are very good and the others are not. Would you agree?
But is that really true? Most people only think about a password in terms of length and complexity, but that’s only a part of what makes a good password. In my experience, I rate a password based on these characteristics:
Did you see our list? The last thing I worry about is the size and complexity of the password. Why is that? First, because a password is only as secure as the location where it is used and how it is stored, shared and transmitted.
You could use the password “^UR$FJ##__!#O#Kytu” (theoretically secure) in your Gmail account and in an online forum. If that online forum is compromised (which is not uncommon), your Gmail account can easily be compromised as well.
There is no perfect solution, but a good one is to have just a couple of good passwords remembered in your head (yes, long, complex and only used in high security locations). All the other passwords should be stored in a password manager for easy access and use.
For example, you could have only 3 high security passwords: one for your email account, one for your password manager account (where you store all the other passwords) and one for your bank site.
If you can’t (or won’t) use a password manager, we recommend that you create password groups. Still remember 3 high security passwords (email, bank and some other site you care about). For the other sites, classify them in terms of importance (important, medium, don’t care about, don’t trust, etc.) and reuse the passwords among those.
But never share a password between different importance levels.
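One way to check a personal inventory against the password-group rule above, as an added example that is not part of the original article. The tier labels, site names, function names and all sample passwords except the article's own “^UR$FJ##__!#O#Kytu” are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

HIGH = "high"  # assumed label for the few high security passwords you memorize

def fingerprint(password: str, key: bytes) -> str:
    """Keyed digest, so passwords are compared without being kept in the index."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()

def audit(entries, key=None):
    """entries: iterable of (site, tier, password) tuples.

    Returns a sorted list of (rule, [sites]) findings:
      "cross-tier"  - one password used in more than one importance level
      "high-reused" - a high security password used on more than one site
    Reuse inside a single lower tier is allowed by the scheme, so it is not reported.
    """
    key = key or os.urandom(32)  # throwaway key, fingerprints only live for this run
    uses = defaultdict(list)     # fingerprint -> [(site, tier), ...]
    for site, tier, password in entries:
        uses[fingerprint(password, key)].append((site, tier))

    findings = []
    for sites in uses.values():
        if len(sites) < 2:
            continue
        tiers = {tier for _, tier in sites}
        names = sorted(site for site, _ in sites)
        if len(tiers) > 1:
            findings.append(("cross-tier", names))
        elif HIGH in tiers:
            findings.append(("high-reused", names))
    return sorted(findings)

# Constructed sample inventory; the first two rows mirror the Gmail/forum case above.
SAMPLE = [
    ("gmail", "high", "^UR$FJ##__!#O#Kytu"),
    ("online-forum", "dont-trust", "^UR$FJ##__!#O#Kytu"),
    ("bank", "high", "constructed-bank-passphrase"),
    ("password-manager", "high", "constructed-bank-passphrase"),
    ("news-site", "medium", "constructed-medium-pw"),
    ("recipe-site", "medium", "constructed-medium-pw"),
]

if __name__ == "__main__":
    for rule, sites in audit(SAMPLE):
        print(f"{rule}: {', '.join(sites)}")
```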