If you're using weak passwords, you're doing so at your peril. Hardening them may seem like an onerous task, but it's nothing compared to the energy you'll have to expend -- not to mention the losses you might incur -- if you allow an important account to be breached. Cut the job down to size by following a few simple password rules of thumb. Start by setting some priorities.
It's no longer acceptable to use dates of birth, pet names and so on for passwords. These easily guessed words were never secure, but it didn't matter much in the past -- quite frankly, who cared if a black hat got into your email account? So what?
However, things are much different today, because our lives are now digitally enveloped. Everything from banking to relationships is now inextricably online.
Here's how to protect your digital life with hardened passwords.
Step 1: Strategic Planning
Determine which accounts to start hardening. Aim to systematically re-password the online accounts related to money first.
This can be quite a project, so start with banks and other valuable Web accounts; progress to email and social networks. End up -- on a rainy day -- rebuilding passwords for minor accounts like loyalty cards.
Step 2: Choose Good Passwords
Vary passwords and create different ones for every account. This is particularly important for any sensitive accounts like banking. Make up passwords by hand using a combination of letters, numerals and special characters.
Introduce upper-case letters randomly within words; if you spell out words, misspell them, and use multiple unrelated words. Use numbers in lieu of letters from time to time; for example, substitute a zero for an "o."
Alternative methods include thinking of a phrase and taking the first letter of each word -- or variations on that theme.
Tip: Crackers can use computer-driven dictionaries, pattern checking and word list substitutions that can attempt millions of passwords per second.
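The tip above, as an added example that is not part of the original article: a small self-audit check that undoes common character substitutions and case changes, strips digits tacked onto the ends, and then looks the result up in a word list, the way the tip says cracking tools do. The word list, substitution table and sample passwords are constructed for illustration.

```python
import re

# Constructed sample data: a real audit would load a large word list.
WORDLIST = {"password", "monkey", "dragon", "rover", "football", "letmein"}

# Common look-alike substitutions mapped back to letters (assumed table).
UNSUB = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})

# Dates such as 12/05/1984 or 120584, and bare years such as 1984.
DATE_RE = re.compile(r"^(\d{1,2}[-/.]?){2}(\d{2}|\d{4})$|^(19|20)\d{2}$")


def normalize(candidate):
    """Lower-case the candidate and undo look-alike substitutions."""
    return candidate.lower().translate(UNSUB)


def audit(candidate):
    """Return the reasons a candidate is easy to guess (empty list = none found)."""
    reasons = []
    if DATE_RE.match(candidate):
        reasons.append("looks like a date")
    # Strip digits and symbols added to either end, e.g. "Rover2012!" -> "Rover".
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", candidate)
    for form in {normalize(candidate), normalize(core)}:
        if form in WORDLIST:
            reasons.append(f"reduces to word-list entry '{form}'")
    return reasons


if __name__ == "__main__":
    for pw in ["P@ssw0rd", "Rover2012!", "12/05/1984", "purpElgiraf-tosterKanu"]:
        print(pw, "->", audit(pw) or "no finding from these checks")
```

An empty result only means these particular checks found nothing; it is not a measure of strength.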
Step 3: Re-invent the Security Question Answer
Do not directly answer the security question. For example, if the security question requests a mother's maiden name or first school, fabricate them.
Tip: Use the same construction technique as in the previous step -- for example, misspelling your answer to beef things up even more. Just don't forget what the answer is.
Step 4: Two-Step Authentication
Use two-factor authentication if it's offered. This method of protection uses two factors, usually a password (something you know) and a phone or other device (something you have in your possession).
I've written about Google's authentication before. Facebook also offers this method of authentication.