The week of February 22, 2010
Do your passwords get passing grades?
by Richard G. Ensman, Jr.
Passwords are essential for personal and financial security. Passwords keep private information private, ensure the integrity of financial transactions, and help deter personal and business crime.
But do your passwords get passing grades? Whether you're trying to protect data on your personal or business computer, or transactions and information accessible through online sources, any ordinary password just won't do.
To test the adequacy of your passwords, complete this simple – but probing – quiz. Describe your password behavior by answering “yes” or “no” to each of these statements.
My passwords use standard case (for example, all upper case or all lower case).
When a vendor or data provider furnishes me with a sample password, I use the sample for my own password.
I use obvious, easy-to-remember phrases (such as name, address, birthday, TV show, etc.) for my passwords.
I keep a list of all my passwords in my wallet or other easily accessible place.
I keep my passwords short, usually six or seven characters or fewer.
I log in to my computer or online files when other people are standing nearby.
I don't clutter my passwords with numerical symbols and punctuation marks.
My passwords are available in easy-to-find places, such as taped to my desk or the back of my computer, or in my online address file.
I give my password to colleagues and associates who might need it at some point.
I leave my computer logged on – or set to online – when I'm away from my desk or work station.
I'm quick to furnish identifying information when I receive an e-mail message asking for this.
When selecting a security question (such as “What is your mother's maiden name?”), I always take the first option offered to me.
My passwords are all real English or foreign words.
I keep my password intact for at least two years at a time.
I don't waste time reading in-depth material on password safety.
In case you haven't already guessed, each of these statements represents poor – even dangerous – technology behavior. If you tagged statements with a “yes” more than five times, you're at serious risk for financial or information loss.
To give yourself optimum protection, however, you should be able to answer “no” on every statement. Keep these hints in mind as you review your password security:
Some passwords are case-sensitive. By mixing upper and lower case characters together, you decrease the likelihood of a malicious random generator program guessing your password.
Sample passwords are just that – samples. Never use a vendor-supplied password as your own.
It's easy for online thieves to obtain personal information about you, such as your street address or birthday. Thieves know that many individuals use information like this as passwords. So don't.
Remember that highly accessible password lists – say, kept in your wallet or desk drawer – can be easily lost or stolen. Keep your password list in a safe or other secure location.
Short passwords are easy to guess, or to generate with an automated program. While there's no ideal length, a good password is usually at least eight characters long. Every character you add decreases the probability of theft.
“Shoulder surfing” is an easy way for colleagues or visitors to obtain your password. Never enter this sensitive phrase while others are nearby.
It's a good idea to include numerical characters and symbols in your passwords – again, because they reduce the probability of targeted or random access to the phrase.
Don't leave your password in plain view, or even stored on your hard drive. Real-life thieves and virtual hackers have been known to obtain password data stored this way.
However trustworthy a colleague may be, don't give your password away – ever. While your associate may be 100% reliable, once your password is in someone else's hands, you have no control over its placement or potential loss.
When leaving your desk or work station, stay safe and log off your computer.
Never provide a password or any sensitive personal information in response to an e-mail message or telephone call, even if it sounds legitimate. A favorite tactic of “phishers” is to masquerade as a legitimate company, bank or law enforcement agency and solicit information from all-too-trusting consumers.
Whenever you're allowed to generate your own security question, construct one that's unusual. It might be the middle name of a childhood friend, a rare plant, or some other obscure phrase. Better yet: mix the phrase with a series of numerical characters or other symbols.
The best passwords are meaningless phrases not found in any dictionary. This helps prevent hackers – who often load the contents of dictionaries into their foraging programs – from stumbling on your data.
Passwords should be changed regularly, perhaps as often as every month or two.
Hacker techniques are changing and improving – just like technology in general. So whenever you can read up on password and computer safety, take the opportunity to do so. The result: you'll stay abreast of the cyber-threats facing you, and better prepare yourself to prevent a threat from turning you into a victim.
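Several of the hints above (mixed case, length, numbers and symbols, dictionary words, personal information, vendor samples) can be checked mechanically. The Python code below is an added example, not part of the original article; the function names, labels, word list and sample passwords are constructed for illustration.

```python
import math
import string

MIN_LENGTH = 8  # the article's "at least eight characters"
# Constructed stand-in for a real dictionary file (assumption, not from the article).
SAMPLE_WORDS = {"password", "welcome", "monkey", "dragon", "sunshine"}

def charset_size(pw):
    """Number of characters a guessing program must try per position."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def guess_space_bits(pw):
    """log2 of how many passwords share this length and character mix.

    This is an upper bound: it assumes random characters, so a dictionary
    word or a birthday is far easier to guess than the figure suggests.
    """
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def grade(pw, personal=(), vendor_sample=None):
    """Return the quiz statements this password would earn a "yes" on."""
    problems = []
    letters = [c for c in pw if c.isalpha()]
    if letters and (all(c.islower() for c in letters)
                    or all(c.isupper() for c in letters)):
        problems.append("single case")
    if len(pw) < MIN_LENGTH:
        problems.append("short")
    if not any(c in string.digits + string.punctuation for c in pw):
        problems.append("no digits or symbols")
    if pw.lower() in SAMPLE_WORDS:
        problems.append("dictionary word")
    if any(p and p.lower() in pw.lower() for p in personal):
        problems.append("personal info")
    if vendor_sample is not None and pw == vendor_sample:
        problems.append("vendor sample")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords and personal details.
    for pw in ("sunshine", "Smith1975", "Tq7#vR2!mZ"):
        print(pw, round(guess_space_bits(pw), 1),
              grade(pw, personal=["Smith", "1975"]))
```

An empty list from `grade` means the password passes these particular checks; it says nothing about the behavioral items in the quiz, such as sharing a password or leaving it in plain view.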
NOTE: This editorial expresses the opinions of its sole author only and does not necessarily reflect the opinions of Autobodyonline, or any of its subsidiary companies, clients, or supporters.