Validating new passwords
While many people have improved the security and strength of their passwords, there are still a huge number of people who pick from a very small list of common passwords.
In fact, 91% of all user passwords sampled appear on the list of just the top 1,000 passwords (© Xato).
This is my favourite piece of advice: If we want users to comply and choose long, hard-to-guess passwords, we shouldn’t make them change those passwords unnecessarily.
All passwords must be hashed, salted and stretched, as we explain in our article How to store your users’ password safely.
Suppose you need to log on whenever and wherever you are, but you can't remember the password you need because it is written somewhere in your organizer and you don't have it with you. What are you going to do then?
As a matter of fact, you don't need to remember all your passwords.
At the same time, the computing power available for password cracking just gets bigger and bigger.
OK, so I started with the bad news, but this cloud does have a silver lining.