Strong passwords should be very important for any person that has information that the world shouldn’t access.
Typical password approach
For most people, their single method to secure what they have digital access to is a password. A single password, or a few if they’re “advanced” users, or if the application they use has unusual ‘strength’ requirements. That’s the crux of the security failure. A single password is a single point-of-failure, where a database ‘leak’ will lead to all of your accounts being compromised, since typically you use the same email (and generally same password) for access to ALL your online accounts. So once someone figures out that email/password combo, they can go to major websites and try to login on your behalf…it’s a race to see if you can change your password quicker than they can find sites you use it on – IF you know your password leaked.
If you’re creating your own passwords, you’re “doing it wrong”.
Also, because you have this one password, and you use it frequently, you want it to be simple, easy to remember and easy to type. This is the second failure of common password usage. If it’s simple/easy to type, the chances are there isn’t much entropy, meaning it’s easy for someone to use a system to “brute force” the guessing of all passwords, and if yours isn’t complex enough, your password will probably be found. The shorter, simpler the password is, the more susceptible it is to this kind of ‘hacking’. Even the government thinks complex passwords are good…we want to use good passwords, but we aren’t good at memorizing strong, secure passwords, there HAS to be a MUCH better way…
For a more extensive explanation of why a password you know is bad, and why password managers are good, read anything by Troy Hunt.
Using any password manager is generally better than using nothing. However, I encourage the use of KeePass, an open-source, FREE, password manager. I’ve used it for years and never had any problems. It uses a ‘master password’ – which should be a LONG and complex pass-phrase like (“Cubic bootleg $12 garden swagger” – created here).
This pass-phrase will allow you (or anyone) to access ALL your passwords. You can have common “password profiles” which will specify length and types of characters to use. You can easily organize all your entries, it will auto-type the passwords for you once you’re on the form, you can have ‘expiration’ dates for passwords, which then flag the entry to encourage you update/change your password for a certain service.