3. Be password paranoid
Forget everything you’ve heard about password security because the US expert who wrote the standard now says he was wrong. The solution, says Gernot Heiser, Scientia professor at the University of New South Wales School of Computer Science and Engineering, is to use long, memorable “passphrases” instead – ideally, an unforgettable combination of unexpected words.
Don’t bother changing passwords regularly. “It’s safer to keep a longer, more complex password,” Heiser says. Also consider putting passwords into a text file, then encrypting it.
The best option is a combination of a passphrase, multi-factor authentication (offered by most major service providers), and fingerprint or facial recognition.