Passwords are easy to forget. Many users therefore choose simple passwords. Organizations today have an average of three logon systems, usually each with different password rules. From the user's point of view, this creates a great deal of confusion. We know, as do the hackers, that 30-50% of users choose passwords like the name of their spouse, child, pet or car, or telephone numbers and dates of birth of family members.

IT administrators frequently like to place complex requirements on the choice of passwords, but then pay the price of having to deal with users forgetting their passwords more easily. The graph above will not come as a surprise, but it is important to bear it in mind. Why do users forget passwords when there are limitations on their structure? This is largely because users do not realize how important passwords are for security.

A good password consists of between six and eight characters. One easy way of creating a good password that is also easy to remember is to group letters and characters in twos or in threes (lower security), for example ‘BA SK 86 18’. This method is already used as a way of making telephone numbers easier to remember (grouping 2+2+2+2 or 3+5). The advantage of these passwords is that they remain strong even if the composition of only two characters is changed. The widely used alternative is to place an extra character after a spouse's name: BILL, BILL1, BILL2, etc.

It should be the responsibility of the system administrator to inform users of the rules governing passwords, and to ensure that the rules are followed. It is difficult for a logon system to detect every weak password. This needs to be compensated for by creating a positive general atmosphere surrounding passwords and data security.
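An added example, not part of the original article: a sketch of the check a logon system could run when a password is set, rejecting the patterns named above (a family name with a character appended, telephone numbers, dates of birth). The profile values and all function and parameter names are assumptions; the last candidate shows why such a check cannot catch every weak password.

```python
import re
from datetime import date

MIN_LENGTH = 6  # lower bound the article gives for a good password


def date_forms(d):
    """Digit-only renderings of a date that users commonly type."""
    fmts = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%y%m%d")
    return {d.strftime(f) for f in fmts}


def weak_reasons(password, names=(), phones=(), birthdays=()):
    """Return why a candidate password is rejected; an empty list means accepted.

    names, phones and birthdays (all hypothetical parameters) hold what the
    logon system knows about the user's family; anything absent is invisible.
    """
    reasons = []
    compact = re.sub(r"\s+", "", password).lower()
    if len(compact) < MIN_LENGTH:
        reasons.append("too short")

    # Drop a trailing run of digits/punctuation so BILL, BILL1, BILL2 collapse.
    stem = re.sub(r"[\d\W_]+$", "", compact)
    if stem and stem in {n.lower() for n in names}:
        reasons.append("known name plus suffix")

    # Digits with optional separators: compare against phones and birthdays.
    digits = re.sub(r"\D", "", password)
    if digits and not re.search(r"[^\d\s.+/-]", password):
        if any(len(digits) >= 6 and digits in re.sub(r"\D", "", p) for p in phones):
            reasons.append("telephone number")
        if any(digits in date_forms(b) for b in birthdays):
            reasons.append("date of birth")
    return reasons


# Constructed sample profile, not real data.
PROFILE = dict(names=("Bill", "Rex"), phones=("555-010-8618",),
               birthdays=(date(1986, 3, 18),))

if __name__ == "__main__":
    for candidate in ("BILL2", "BILL1986", "18.03.86", "0108618",
                      "BA SK 86 18", "FLUFFY7"):
        print(f"{candidate!r:15} {weak_reasons(candidate, **PROFILE) or 'accepted'}")
```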