A weak password provides little protection against malicious attack. Sensible password management can reduce this risk. Passwords should be:

• 8 characters or longer
• a mix of upper and lower case
• a mix of alphabetical, numeric and punctuation symbols
• not a word in a dictionary, or someone's name (including your own)
• not your birthdate, or telephone number
• not your home or business address
• not your pet's name
• not your favourite food
• not a series of consecutive numbers
• not used on too many different services
• not written down (except perhaps in a secure location)
• not easily guessable
• not easily forgettable
• changed every so often

Tricky passwords can be remembered by breaking them up into groups of characters, or making a sentence out of it, with each letter being the first letter of the word. For example: a password of TCITHSOTM is simple to remember - that's The Cat In The Hat Sat On The Mat, of course!