Many individuals look upon the requirement to use and change passwords regularly as an evil inflicted by the Information Technology (IT) industry. What users should be aware of is that a password is no different than the combination to a safe and should be protected in the same way. Although you may believe your company and personal data would be of little or no interest to hackers, this often has no bearing on which sites are targeted. A large percentage of hackers are opportunists out to create petty vandalism and cause damage. Other hackers may be more interested in using your site to relay emails (spam) or viruses to others, thereby protecting themselves and implicating you. These are good reasons for making passwords difficult to crack or guess. This will make your site much less interesting to casual hackers and much harder for targeted hackers to infiltrate and abuse your computer systems.
There are many ways to crack or break passwords. For this reason it is essential that all passwords be chosen with care and changed regularly. There are a number of industry 'Best Practices' which can help ensure the safety of the organisation's data.
If possible these rules should be enforced by software to ensure compliance and the security of the organisation.
When people choose a random password, it is often easily forgotten. Although passwords can usually be reset easily, this creates an overhead for the system administrator and wastes valuable time. One popular way of choosing passwords that can be remembered is for the user to select a two-syllable word, divide the word in half, reverse the order, and insert a number. For instance, the word SUMMER and the number 2 become MER2SUM. This becomes an easily remembered password (all the user must remember is SUMMER 2 and the rule), while still being difficult to crack or guess.
Switching letters for numbers is also a good method. Start with a normal word, say 'computing' and replace the i's with 1's and the o's with zeros, so the password would become 'c0mput1ng'. Use word abbreviations to create small simple phrases that are easy to remember. For example, "you too can be safe" would turn into "u2canbsafe".
Taking a short phrase and using the first letter of each word can also be a good method. For example, 'I like the beach in the summer' would become 'iltbits'.
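The three schemes above (split and reverse with a number, letters swapped for digits, first letter of each word) written out as an added Python example; it is not part of the original article. The function names and the handling of odd-length words and punctuation are assumptions made for the illustration.

```python
"""Added illustration of the mnemonic password schemes described in the text."""

# Substitution taken from the text: i -> 1 and o -> 0 (both cases).
LETTER_TO_DIGIT = str.maketrans({"i": "1", "I": "1", "o": "0", "O": "0"})


def split_reverse(word: str, number: int) -> str:
    """Divide the word in half, swap the halves and insert the number between."""
    if not word.isalpha() or len(word) < 4:
        raise ValueError("expected a single word of at least four letters")
    if number < 0:
        raise ValueError("number must be non-negative")
    # Assumption: for odd lengths the middle letter stays with the first half.
    middle = (len(word) + 1) // 2
    return f"{word[middle:]}{number}{word[:middle]}"


def swap_letters_for_digits(word: str) -> str:
    """Replace every i with 1 and every o with 0, leaving other letters alone."""
    return word.translate(LETTER_TO_DIGIT)


def first_letters(phrase: str) -> str:
    """Build a password from the first letter of each word in a short phrase."""
    initials = []
    for token in phrase.split():
        # Skip leading punctuation (quotes, brackets) in front of a word.
        first = next((ch for ch in token if ch.isalnum()), None)
        if first is not None:
            initials.append(first.lower())
    if len(initials) < 2:
        raise ValueError("expected a phrase of at least two words")
    return "".join(initials)


if __name__ == "__main__":
    # The inputs below are the article's own examples.
    print(split_reverse("SUMMER", 2))
    print(swap_letters_for_digits("computing"))
    print(first_letters("I like the beach in the summer"))
```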
The basic key with passwords, after avoiding all the common mistakes like using your name, is that the password must be something you can remember. If you can't remember it then you will write it down, which is a big no-no. Second to remembering it, the password should be easy to type.