Great article over at the New York Times on password security.
“Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of your passwords,” says Cormac Herley, a principal researcher at Microsoft Research who specializes in security-related topics.
Least Privilege Security, as part of a defence-in-depth security strategy, can help to keep keyloggers and other malware off users’ systems.
Herley continues by adding:
“Security advice simply offers a bad cost-benefit tradeoff to users.”
And according to the research:
“If an account is locked for 24 hours after three unsuccessful attempts,” they write, “a six-digit PIN can withstand 100 years of sustained attack.”