[The Dharma Bum]

a "randomly" generated 13 digit pw with symbols numbers and caps and AV is secure enough for average internet user

do not use any word that is in any dictionary, no matter how obscure you think it is, because it significantly reduces your password's difficulty

that will put you out of the reach of someone using a brute force attack etc

[Mr.Bill]

Many people use QWERT... or Password... or 12345678.... as their PW's.. Or they post their family pix with their kids names on Facebook, then use their kids names as PW's..

There's millions of 'easy' targets out there.

[NAB]

I've always been a big fan of thinking of a password (combo of cap, letter and numbers), and then I mirror it. Not sure if it makes it more secure, but it typically doesn't produce actual words or personal info that way.

[uebermann]

I can see what Saz is saying. Trying to crack passwords using brute force/dictionary attacks aren't nearly as common these days when trying to get passwords. It is still done for various things but not typically for passwords for various sites. I'd be more weary of a keylogger/trojan than I would phishing. I've had my cc# stolen 3 times. I know one was from the Target fiasco. One was likely from an online liquor purchase I made at a questionable site (as the use of my CC was in the same area as the liquor store company), and one I still don't know how. I see trojans and such on people's computers all the time. I work as an on-call IT guy for a local real estate agent and she's got a "public" computer that 3 different employees use that gets malware/spyware installed all the time on it. They don't do anything sensitive on it at all so its not of a huge concern to them, but they also don't know how they keep getting it all on there.

That being said, phishing isn't really going to fool most people on this site. If any. We're not noobs here.

I use LastPass as well for non-sensitive stuff excluding my email addresses that I tie all my online accounts to. Honestly, I don't really care if someone gets my Linux Mint forum account and even if they do, I can just do a pw recovery on it since they won't have access to my email.

I need to look at getting a local program though, instead of LastPass. That way its on my computer only and not something that anyone online can access. That would be much more secure at least.