<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/'><id>tag:blogger.com,1999:blog-4109121989878952716.post8366577778303840723..comments</id><updated>2010-02-08T08:17:27.017-08:00</updated><title type='text'>Comments on EHR Bloggers: Annals of Security: Don't Pass the Password</title><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://www.ehrbloggers.com/feeds/8366577778303840723/comments/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/4109121989878952716/8366577778303840723/comments/default'/><link rel='alternate' type='text/html' href='http://www.ehrbloggers.com/2010/02/annals-of-security-dont-pass-password.html'/><author><name>EHReditor</name><uri>http://www.blogger.com/profile/05554437768441364746</uri><email>emily@practicefusion.com</email></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>1</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-4109121989878952716.post-3060536048790576342</id><published>2010-02-08T08:17:27.017-08:00</published><updated>2010-02-08T08:17:27.017-08:00</updated><title type='text'>I have 3 levels of username/password for the 3 lev...</title><content type='html'>I have 3 levels of username/password for the 3 levels of websites that I use. They are all based on one of 3 phrases that I have in my head and then plying a first character from the phrase. So long as I remember the phrase, I can pretty much always remember my password. 
An example which I often used while instructing the lawyers who used our legal software was: &amp;quot;We the people of the united states in order to form a more perfect union.&amp;quot; became wtPotU5mpU or something like that. As long as it&amp;#39;s over 10 characters, has a nice mix of stuff in it and isn&amp;#39;t dictionary recognizable, it&amp;#39;s a decent password.&lt;br /&gt;&lt;br /&gt;But the onus of protection is on the website itself. There are many layers of protection to use, but I think a great thing to do (and we did this on our legal website which required high levels of security) was to publish a 3rd-party report of a penetration test of our security. A double-edged sword, to be certain, but it showed that we took security seriously and were proactive in that. &lt;br /&gt;&lt;br /&gt;It&amp;#39;s one thing to say, &amp;quot;I&amp;#39;m secure&amp;quot;. It&amp;#39;s another to actually show it.&lt;br /&gt;&lt;br /&gt;Additional</content><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/4109121989878952716/8366577778303840723/comments/default/3060536048790576342'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/4109121989878952716/8366577778303840723/comments/default/3060536048790576342'/><link rel='alternate' type='text/html' href='http://www.ehrbloggers.com/2010/02/annals-of-security-dont-pass-password.html?showComment=1265645847017#c3060536048790576342' title=''/><author><name>Bernz</name><uri>http://www.blogger.com/profile/16451988884915833897</uri><email>noreply@blogger.com</email></author><thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' href='http://www.ehrbloggers.com/2010/02/annals-of-security-dont-pass-password.html' ref='tag:blogger.com,1999:blog-4109121989878952716.post-8366577778303840723' source='http://www.blogger.com/feeds/4109121989878952716/posts/default/8366577778303840723' type='text/html'/></entry></feed>