A recent poll conducted by Google researchers reveals a wide gap between what security experts and security non-experts believe are the 5 most important security practices to keep your information private and secure. The results of the survey were published in a blog post here: New-research-comparing-how-security
The only item common in both top 5 lists was using strong passwords. I agree that strong passwords are important. There are two issues with strong passwords: 1. strong passwords require users to be good at something that most of us find difficult and 2. Most software that checks password strength can’t be trusted. See the following article for more information why-you-cant-trust-password-strength-meters
Many employers and even some online services have a password policy. The policy might be similar to the following. Passwords must 1. Be at least 8 characters long 2. Contain both upper case and lower case letters 3. Contain a digit and 4. Contain a symbol.
Even if the system or program you are using correctly enforces this policy I have seen many users use passwords similar Summer2015! The password meets all of the criteria and is easy to remember but it is a monumentally weak password for the following reasons. 1. Summer is a word in the dictionary 2. Most people will capitalize the first letter in a password 3. Most people put digits and symbols at the end of the password 4. An exclamation mark (!) is the most commonly used symbol in a password. Criminals rely on these behaviors. If a criminal attempts a brute-force attack, this password would be tested with every known username on a network within a few minutes. Security has to work every time while a criminal only needs to get it right once. A password that has eight characters or less can be cracked in around two days.