Over 50 percent of people use the same password for nearly every site they visit and that requires one, says
PC World about a Jupiter Research study. That's just asking for trouble.
On the other hand, it's not reasonable to expect people to remember a bazillion usernames and passwords. So what do you do? Some people store the sites and passwords in a file on their PC. Not good. If their PC is hacked, the file is available for the hacker to read, use, and distribute or sell to other hackers. A much better method is to use a secure password manager.
Secure password managers also store the site and password information, but they encrypt it. One such
free program is
Comodo iVault, which uses 256-bit encryption. Of course, you use a password to open the program. So you need to make that password an exceptionally strong one.
To make a
strong password, use at least 8 characters and a mix of UPPER CASE letters, lower case letters, numbers, and symbols. If you want to beef up the strength some more, make the length at least 15 characters long. The, make it even stronger by making sure that no part of it forms a word. The more random the password, the better, though that also makes it harder to remember.
When creating a password, avoid obvious keyboard sequences of adjoining or alternating keys. Also, don't include any information associated with you or your family as part of the password (names, pets' names, birth dates, license plate number, etc.).
To make sure you have the right idea, test a sample strong password with CertainKey Cryptosystems's online
password strength analyzer (at the bottom of that web page). Since all the keystrokes you send are "in the clear", use this just for testing and demo purposes, not to check your real password. Note that the randomness of the password (what CertainKey calls entropy) helps too. The online tools estimates how many days it would take to crack the sample password you enter. Microsoft also offers an
online password strength checker.