The consequence can be dire to you and your business, for example, confidential information can be viewed or even changed; unwanted and harmful information can be uploaded to your system; cash can be stolen; etc. We know this, yet still persist with bad practice.
Why? Basically laziness, we like passwords that are easy to remember, we do not want dozens and we cannot be bothered entering long complex passwords.
A password check at one company indicated that 80% of passwords could be cracked in less than 30 minutes and 95% in under an hour. Hackers know favourite words and phrases. They are incorporated into lists that feed cracking tools, others such as Wfuzz use brute force. THC Hydra is aimed at network logons, whilst Aircrack-NG attacks WiFi.
So how to create a decent password:
All very nice but it rubs right up against our lazy streak.
So is there a better way? Yes, you need a Password Manager. Several are available e.g. Last Pass, KeePass or Dashlane. What then does a Password Manager do? I will use Last Pass as an example:
Last Pass is a web based utility it can be accessed wherever you have an internet connection. It incorporates synchronised apps for iPhones, iPads and Android devices. You need one secure password to access your account but then Last Pass does the rest.
A generator produces strong passwords to replace all existing passwords and for any new websites. It stores user names, passwords and other pertinent information. From Last Pass you can access individual websites. Last Pass will fill out your user name and password and automatically login. It can even enter name, address and credit card. Advanced features show you how good your passwords are and notify compromised websites.
Some time is required to get the best from Last Pass; an investment repaid many times whenever you logon to a website. Check out other Password Managers, some have a free to use basic version. The premium version of Last Pass costs $12 pa. Much better than leaving the front door key under the mat!