- The passwords should not be reused across many accounts, but should preferably be unique to each account. (single-sign-on services & password management tools – should be used very carefully in a decentralized formation in view of the single point of failure that comes with them.)
- The passwords written on a memo should be hidden in a safe place. (It may be practicable indoor, but not outdoor where there is no such safe place since both the memo and the mobile device can be found on the user at the 100% probability.)
- Whether with multi-factor authentications or with biometric solutions or with ID federations, a reliable password that confirms the volition of the user remains a fundamental prerequisite or essential condition.
Limitations against the many password resets are
- Humans can firmly remember only 5 textual passwords on average.
- Existing password authentication systems are still all text-based, even though it is easily possible to break the above (4) limitation by expanding the password systems to include pictures of episodic/autobiographic memory in addition to the conventional textual passwords.
Examples of invalid or poorly chosen passwords:
- Your login ID.
- Names of co-workers, pets, family, etc.
- Phone numbers, license numbers, or birthdays.
- Simple passwords like “asdf” (adjacent keys on a keyboard).
- Words, which can be found in a dictionary.
Examples of strong passwords (the following are for example purposes only; do not use any of these examples as your actual password):
- Use a name, modified slightly, like “b0b$mith” or “M@ryL0ng”.
- Use a phrase you can remember, like “hello world” modified to “hel10@World”.
- “tL*5i?wu” (contains letters, special characters, and numbers).
Even though it is not a rule, it is strongly recommended that you use a combination of both upper and lower case letters.