Avoid using a “standard” password for your web sites and applications.
Yes, I admit it. I’ve used a few ‘easy’ (still complex but easily remembered) passwords for many of my non-financial web site logons.
Today, I went to a photo sharing site to view a friend’s wedding photos. It’s one of those sites that requires that you register before viewing anyone’s photos. I clicked the ‘create new account’ link and put in my e-mail address; the site told me that I already had an account. I clicked the ‘forget your password?’ link, since I didn’t have a record of this site in my password vault.
A few minutes later, the web site e-mailed my password to me. I saw that they e-mailed my password to me in the clear, but more disturbing was that the password they e-mailed to me was the password that I use for several web sites.
See these other tips about password management: