Password Policy Wall Of Shame
Developer Recommendations
User Recommendations
TL;DR
Use a password manager and generate (30 character) long random passwords!
Do enable two-factor authentication wherever possible (but it is better not to use SMS if an alternative option is available)
sites that offer 2FA
Do not reuse passwords!
Do not use information about yourself as a password (e.g. birth date)
Popular Password Managers:
KeePass
1Password
LastPass
A physical notebook
More good security advice:
http://nothingofvalue.org
Resources
EFF Surveillance Self-Defense - Playlist
How to choose a good password - Troy Hunt
How to Choose a Password - Computerphile
Generate passwords
Diceware
Passwords unmasked
GRC haystack: Brute Force Password “Search Space” Calculator
Dropbox: JS Password strength meter - zxcvbn
Kaspersky: JS Password strength meter