DarrkPhoenix: Glad to see it was just a phishing attack targeting users; otherwise it would be a serious WTF as to why Hotmail passwords were being stored in plain-text.
Lone3wolf: For better password security, and I know most people are far too lazy to do this :P :-
make your password at least a 10-character random selection of letters and numbers, using caps on some letters.
change it regularly - at least once a month
I'm sorry, but this is a really bad password policy, and will actually end up making most people's passwords
less secure overall. Why? Because it makes passwords hard to remember, so people are more likely to write them down (you even recommend this!!) which is a far greater security risk than any typical attack that an online account will face. Brute force/bulk guessing attacks are pretty rare against most services (due to the information being protected being low-value), along with such attacks being fairly ineffective against most online services and there being much more effective ways to compromise people's accounts (e.g. phishing and malware keyloggers). A good password should be something you can easily remember, something that's not common enough that it would be guessed within the first couple hundred guesses of a brute-force attack (this is almost a given for any password that's not 12345), and that people who know you wouldn't be able to guess. Pass phrases can be quite good here, as they typically fulfill all of the above, and are actually quite strong as far as passwords go (even something as simple as "I like pie" will be quite secure, provided you don't give it out to anyone or let it get captured by a phishing attack or keylogger).
Also, here (pdf warning) is an actual research paper on why onerously strong passwords don't actually increase security.
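To put numbers on the two policies argued over above (a 10-character random mixed-case alphanumeric string versus a short passphrase such as "I like pie"), here is an added worked example that is not part of the thread. It assumes a 62-symbol alphabet for the random string, a constructed 2000-word vocabulary for the passphrase, and two constructed guessing rates: a throttled online login (10 guesses/s) and an offline attack on a leaked hash (10^10 guesses/s).

```python
import math

# Random-string policy from the thread: letters, some in caps, plus digits.
ALNUM_MIXED = 26 + 26 + 10  # 62 symbols

# Constructed assumption: passphrase words drawn from a 2000-word list.
# A familiar phrase like "I like pie" is weaker than this model, because
# attackers try common phrases first; treat the figure as an upper bound.
COMMON_VOCABULARY = 2000

SECONDS_PER_YEAR = 365 * 24 * 3600


def random_string_bits(length: int, alphabet_size: int = ALNUM_MIXED) -> float:
    """Entropy in bits of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def passphrase_bits(words: int, vocabulary: int = COMMON_VOCABULARY) -> float:
    """Entropy in bits of `words` chosen uniformly from a `vocabulary`-word list."""
    return words * math.log2(vocabulary)


def expected_guesses(bits: float) -> float:
    """On average an attacker finds the secret after searching half the keyspace."""
    return 2 ** bits / 2


def years_to_guess(bits: float, guesses_per_second: float) -> float:
    """Expected years to guess a secret of `bits` entropy at a given rate."""
    return expected_guesses(bits) / guesses_per_second / SECONDS_PER_YEAR


def compare_policies() -> dict:
    """Compare the 10-char random policy with a 3-word passphrase under
    a throttled online attack and an offline hash-cracking attack."""
    online_rate = 10.0        # constructed: rate-limited login endpoint
    offline_rate = 1e10       # constructed: cracking a leaked unsalted hash
    policies = {
        "random_10_char": random_string_bits(10),
        "passphrase_3_words": passphrase_bits(3),
    }
    return {
        name: {
            "bits": round(bits, 1),
            "online_years": years_to_guess(bits, online_rate),
            "offline_years": years_to_guess(bits, offline_rate),
        }
        for name, bits in policies.items()
    }
```

Against a throttled online login both policies hold for years, which is the point made above; against an offline attack on a leaked hash the 3-word passphrase falls in under a second while the random string still takes about a year, so the choice depends on which attack the account is actually exposed to.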
Sorry, did you read what I said? I said
"If you MUST make notes on what your passwords are, keep them stored well away from your computer/regular access point. (one suggestion is write oblique clues to passwords, and hide them inside dust-jackets of books...but that's just one. Use your imagination!!)"
Keep anything written down well away from computers.
Use clues to the password, preferably oblique references rather than the actual password: phrase(s) that would only mean something to you, personally.
Never use words found in dictionaries. At all. Ever. That's the FIRST thing people use: compiled lists of common-usage words from dictionaries.
Also, never use pets' names; relations; "magic phrases" (abracadabra, open sesame, letmein etc etc etc); school friends; favourite TV shows...whatever.
In 25 years of using passwords of a random nature, I have not forgotten one, had one "broken", or used one more than once.
The human memory is actually very good at remembering stuff like this. If you use it properly ;)