We all hate to keep changing our password or even having a password at all, but it’s the price we pay for having our systems on the Internet 24/7 for e-mail and remote access. A password is the most basic measure everyone can take to prevent a variety of unpleasant things from happening to you and your business, including identity theft, spam going out in your name, destruction of business databases, etc. Your firewall and anti-virus are virtually useless if a random hacker gets or guesses your password and targets your systems.
We used to constantly encounter administrator passwords that were statements of the vast power of that user, such as “yourtheman”, “masterpassword” or “bossman”. Then some genius invented forcing you to change your password every 45 days, so we had “yourtheman1″ in January, “yourtheman2″ in February, etc. Often people resorted to taping their frequently changing password to their monitors. When we take off the forced change and insist on a “strong” password, horrible misspellings of common words began to be used, like Studl@wy3r or l0g1n2s3rver. When your office manager types everybody’s password into a Word document and saved it on the desktop without protecting it with a password (bad thing to do!), now you are compromising the security of the entire office, regardless of your crazed strong passwords.
So here is my suggestion — make your password a phrase. Passwords have no case or spacing restrictions (though Windows 2003 networks by default do make you put at least one capital letter and number and/or non-alpha character, such as #, this can be turned off), so you could make your password “Jeff Krause made Billing Matters so easy for us to use properly!” or “Bruce’s blog is boring” or “My husband is so stupid!” Put a little thought into it, make it memorable — but only for you.