To prevent your passwords from being compromised through social engineering, brute-force or dictionary attacks, keep the following in mind:
1, Do not use the same password on multiple accounts.
2, The password should contain at least 20 characters and should consist of numbers, letters and special symbols.
3, Do not use the names of your family members, friends or pets.
4, Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, etc.
5, Do not use the most commonly used English words.
6, Do not let your browsers (Firefox, Chrome, Opera, IE, Safari) or FTP client programs save your passwords; any password saved in the browser can be revealed with a simple click using a script.
7, Do not log in to important accounts on a public computer or on someone else's machine.
8, Do not log in to important accounts over HTTP or FTP connections, because the username and password in an HTTP or FTP message can be captured easily with a network protocol analyzer such as Wireshark, which means the password can be sniffed with very little effort. Use HTTPS or SFTP connections instead.
9, It's a good habit to change your passwords regularly.
10, You can manage and encrypt your passwords with password management software. It's a good idea to add extra protection to your passwords with the freeware iPassword Generator.
11, Why should you not use long sentences as passwords?
- It's not easy to remember multiple long sentences.
- Sometimes you will need to tell a password to somebody, and change the password subsequently.
- It's recommended that you remember 3 to 5 main passwords and store the other passwords with dedicated software. For example, you can save all other passwords in a plain text file and encrypt it with TrueCrypt or AxCrypt, or manage them with KeePass. All of them are open source and reliable applications.
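
Rules 2 to 5 above can be checked mechanically before a password is accepted. The following Python sketch is an added example, not part of the original list; the function names, the tiny COMMON_WORDS set and the sample inputs are constructed assumptions, and a real check would load a much larger word list.

```python
import re

# Constructed sample; an assumption standing in for a full common-word list.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "sunshine", "letmein"}

def _squash(text):
    """Lowercase and drop separators so '1990-04-12' matches '19900412'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def check_password(password, personal_terms=()):
    """Return the list of violated rules (2 to 5); empty means it passes."""
    problems = []
    if len(password) < 20:
        problems.append("rule 2: fewer than 20 characters")
    classes = {"number": r"[0-9]", "letter": r"[A-Za-z]",
               "special symbol": r"[^A-Za-z0-9\s]"}
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"rule 2: no {name}")
    squashed = _squash(password)
    # Rules 3 and 4: names, postcodes, phone numbers, birthdates and so on.
    for term in personal_terms:
        needle = _squash(term)
        if len(needle) >= 3 and needle in squashed:
            problems.append("rule 3/4: contains a personal detail")
            break
    # Rule 5: common English words, matched inside the letter-only runs.
    for run in re.findall(r"[a-z]+", password.lower()):
        hit = next((w for w in sorted(COMMON_WORDS) if w in run), None)
        if hit:
            problems.append(f"rule 5: contains common word '{hit}'")
            break
    return problems

if __name__ == "__main__":
    # Constructed inputs, not real credentials.
    details = ["Rex", "1990-04-12", "555 0142"]
    for candidate in ["Sunshine2024!", "rex19900412rex19900412!!",
                      "qV7#tZp2&Lw9@xHd4!Rn8$Kc"]:
        print(candidate, "->", check_password(candidate, details) or "ok")
```

Personal details are compared with separators removed, so a birthdate written with dashes is still caught when it appears in the password as a plain run of digits.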