Surveys detailing such folly can be found at PasswordResearch.com, a site maintained by IT security consultant Bruce K. Marshall. They present findings such as these: 70% of people do not have unique passwords for each Web site, and nearly half of all people write down their passwords. Read the papers and weep.
Password security is particularly important for Google because Google Account passwords unlock the keys to an individual's Google kingdom from anywhere in the world. (Google does not currently offer a way to limit Google Account access to certain IP addresses or ranges.) There is no firewall to bypass or office to break into when compromising a Google Account. The right password is all that's needed.
Google engineer HongHai Shen wrote a blog post about password security on Wednesday, acknowledging that fanatical devotion to strong passwords -- generating a random eight-character string every two or three months -- probably isn't necessary for everyone. But he still believes passwords should be chosen with care. "Whether it's for your Google account, your banking center, or your favorite store, choosing a good password and keeping it safe can go a long way toward protecting your information online," he wrote in his blog post.
HongHai's advice, though timeworn, bears repeating because so few take such recommendations to heart:
Avoid common elements when choosing your password. That means no words you'd find in a dictionary, which might be vulnerable to "dictionary attacks." It also means that clever concatenated phrases like "letmein" or "opensesame" probably aren't all that clever. Figure, too, on the fact that keyboard patterns like "1234" or "asdf" are available on keyboards all over.
Make your password as unique as possible. This ought to go without saying, but, there, it's been said. Add numbers and non-alphanumeric characters to your password. Mix uppercase and lowercase letters.
Create different passwords for different sites. The benefit of doing so is obvious: If someone does steal your password, he or she doesn't have access to every Internet service you use. Particularly for financial and health sites, you should have unique passwords.
Don't share your passwords with anyone. And don't send them in an e-mail if you can help it.
Be careful how you share your information online. Social networking sites in particular have a poor record of keeping user information private, and the gadgets that are popular on many of these sites are not developed with security in mind. If there's a way to find out how these sites and applications share data, it can be worth doing so.
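The first two recommendations can be enforced when a password is set rather than left to the user's judgment. The Python below is an added example, not code from Google or the original article; the word list, the substitution table, the four-key run length and the eight-character minimum are assumptions chosen for illustration.

```python
import re

# Constructed sample list (assumption); a real check would load a full
# dictionary and a list of commonly used passwords.
WORDLIST = {"letmein", "opensesame", "open", "sesame", "password", "welcome"}
# Keyboard rows plus the alphabet; a run of adjacent keys counts as a pattern.
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "abcdefghijklmnopqrstuvwxyz"]
# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "digit": r"[0-9]", "symbol": r"[^a-zA-Z0-9]"}


def dictionary_hit(pw):
    """Longest wordlist entry found in pw after undoing substitutions."""
    norm = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    hits = [w for w in WORDLIST if w in norm]
    return max(hits, key=len) if hits else None


def keyboard_run(pw, min_len=4):
    """First run of min_len adjacent keys, forward or reversed, or None."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in low:
                    return seq[i:i + min_len]
    return None


def check_password(pw, min_length=8):
    """Return a list of (rule, detail) findings; empty means no rule fired."""
    findings = []
    if len(pw) < min_length:
        findings.append(("length", f"shorter than {min_length}"))
    word = dictionary_hit(pw)
    if word:
        findings.append(("dictionary", word))
    run = keyboard_run(pw)
    if run:
        findings.append(("keyboard", run))
    missing = [n for n, rx in CLASSES.items() if not re.search(rx, pw)]
    if missing:
        findings.append(("classes", "missing " + ", ".join(missing)))
    return findings
```

Note that "OpenSesame1234!" mixes all four character classes and still fails on two counts, which is the article's point about concatenated phrases and keyboard patterns.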
Google provides additional password guidance in its Gmail Help Center documents.