Who has the keys to your information?
Any cyber security plans you make have to assess the mix of risks: gaps in the programming, errors in deployment and maintenance, insufficient operational controls, and then there are the users!
Like home security systems that are not armed, the failure of users to protect themselves mocks the efforts made on other fronts to secure the data environment.
Users underestimate how important they are in the defense of information. Their disregard for the underlying aims of the company regarding privacy and market-advantage should be a big red flag to management about their own effectiveness. It shouldn’t be “cool” to disdain the tech-tools provided to do your job.
Look at your company’s security issues and identify those that stem from poor enforcement of the basics. Then, police yourself.
I suggest you surrender to the idea of complex passwords and then put on your thinking cap and come up with a system that works for you. As an authorized user, you represent someone who crosses the proverbial moat and enters the kingdom of data. Don’t be blasé about that!
1) Quit being so literal. On security questions you do not (and should not) include actual information like your mother’s maiden name (say it is Jezebel) or your place of birth (try Hickinpickin) or provide any other verifiable factoid.
2) Keep it simple: I.luv.2.dogs? incorporates upper and lower case letters, a number and a symbol.
3) Do not cross-contaminate passwords by using a public-forum password like Hotmail with a secure forum like banking.
4) The more characters in a password, the better. Going from the standard 8-character to a 12-character password slows down auto-hackers*. Don’t always go for the minimum, sprinkle in a few extra taps because it’s well worth it.
* If there are approximately 80 alpha-numeric-symbol characters available, then the complexity comes from the additional choices in the 9th, 10th, 11th and 12th characters (80*80*80*80). This compounds the 80*80*80*80*80*80*80*80 possibilities of the basic eight-character minimum.