How Secure Is Your Password?

Yes, it is convenient to have a password that is easy to remember and that never changes, but how convenient will it be when you find a hacker has destroyed your website, sent spam email to all of your contacts or emptied your bank account? Password cracking software can be run at regular intervals to attempt to guess your password from common names or dictionary words, so never use a person’s name, pet’s name, street name, or name of an activity, event, place or thing.

If you are a business, you need to have a secure password policy. You will likely get immediate objections, because users generally hate password policies. They consider them onerous and time-consuming because they don’t understand the potential implications of being hacked, so ensure you communicate to them why the policy is in place.

Put your password security policy in writing and ensure your users adhere to it – make it an employment issue.

Possible components of a successful password policy might include:

  • Have your users create passwords that comply with predefined rules. Never use any word that would be in the dictionary; this can be achieved by adding numbers or special characters to your password. The longer the password the better, and throw in some capitalisation of letters - your favourite ‘spotty’ password could become sP0tTy
  • Force users to change passwords regularly. If you can, have your system configured to expire passwords so that users must update them
  • Have your system configured to lock a user's account after a certain number of failed logon attempts and don’t allow them to reattempt login for a specified period
  • Monitor your security logs periodically. You will be able to determine if someone is trying to hack an account and can block the attacking IP address in your firewall
  • Disable default Administrator Accounts – at least the hacker will then have to guess at a user name and password rather than password alone
  • Never reveal passwords to anyone. Create a temporary password for an IT support person and delete it as soon as they no longer require it
  • Physical security of passwords is just as important. Never write your password down, and ensure no one is looking over your shoulder while you log on
  • Log off your computer if you are leaving it and log back on when you return.
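
The account lockout and log monitoring points in the list above can be combined into one automated check. The Python below is an added example, not part of the original post: it assumes a simple one-event-per-line log format, and the thresholds, user names and IP addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical policy values (assumptions): 3 failures inside 5 minutes.
MAX_FAILURES = 3
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(minutes=15)
# Constructed sample log, not real data. The line format is an assumption.
SAMPLE_LOG = """\
2011-11-25T11:59:01 LOGIN_FAILED user=administrator ip=203.0.113.7
2011-11-25T11:59:04 LOGIN_FAILED user=administrator ip=203.0.113.7
2011-11-25T11:59:09 LOGIN_FAILED user=alice ip=198.51.100.20
2011-11-25T11:59:15 LOGIN_OK user=alice ip=198.51.100.20
2011-11-25T11:59:20 LOGIN_FAILED user=administrator ip=203.0.113.7
2011-11-25T12:01:00 LOGIN_FAILED user=webmaster ip=203.0.113.7
2011-11-25T12:30:00 LOGIN_FAILED user=alice ip=198.51.100.20
"""
LINE = re.compile(r"^(\S+) (LOGIN_FAILED|LOGIN_OK) user=(\S+) ip=(\S+)$")

def review_log(text):
    """Return (ips_to_block, lockouts); lockouts maps user -> lock expiry."""
    by_ip, by_user = defaultdict(deque), defaultdict(deque)
    ips_to_block, lockouts = set(), {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        when = datetime.fromisoformat(m.group(1))
        event, user, ip = m.group(2), m.group(3), m.group(4)
        if event == "LOGIN_OK":
            by_user[user].clear()  # a good logon resets that user's count
            continue
        for key, table in ((ip, by_ip), (user, by_user)):
            q = table[key]
            q.append(when)
            while when - q[0] > WINDOW:  # drop failures outside the window
                q.popleft()
        if len(by_ip[ip]) >= MAX_FAILURES:
            ips_to_block.add(ip)  # candidate for a firewall block rule
        if len(by_user[user]) >= MAX_FAILURES:
            lockouts[user] = when + LOCKOUT  # no reattempt until this time
    return ips_to_block, lockouts

if __name__ == "__main__":
    ips, locks = review_log(SAMPLE_LOG)
    print("Block in firewall:", sorted(ips))
    for user, until in locks.items():
        print(f"Lock {user} until {until.isoformat()}")
```

Counting failures per IP address as well as per account means an address that tries several different user names is still flagged, even when no single account reaches the lockout threshold.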

Categories: Website Development, Search Engine Optimisation/Marketing
Posted on: 25 Nov 2011 at 11:59am by Shay Porteous, modified on: 13 Jan 2012 at 9:18 am