The experts have advised on secure passwords, to prevent hacking, as follows:
- at least 8 characters long
- does not contain all or part of one's name
- mix of upper and lower case characters
- does not have repeated numbers or characters side by side
- password must be changed every 3 months
It is easy to write these exotic rules, but they are not practical. Most people have to keep more than 20 passwords to log into various sites. If every website has their own exotic rules, it would be impossible for the user to remember all these passwords.
We need to exercise common sense. Many of these websites do not contain critical information. I consider that telephone number, address and e-mail to be public information and are not sensitive. So what, if someone knows my e-mail? It is available in my blog anyway. So what, if they know my mobile phone and call me? They do anyway, and I know how to deal with unwanted callers.
We only need secure passwords for bank accounts involving transfer of money or for e-mail accounts that are accessed daily. In most other cases, there is no need to secure passwords. There are millions of accounts, and there is no purpose in spending the time to hack them, unless a specific person is being targeted. If this is the case, the targeted person can take legal action against the hacker for theft or invasion of privacy.
Tan Kin Lian