Complex passwords are okay, but probably not as helpful as a lot of people think. Website logins are too slow and are probably going to lock someone out before they are able to do any serious cracking. The vast majority of breaches occur through social engineering, as people are persuaded to give up their security information voluntarily. It may be something seemingly minor, but it can lead a hacker to thread through increasingly important accounts to, say, one's bank account.
Related: Perhaps you should have added #11: Logging into your secure account on an insecure computer. Public computers or even your friend's computer may have malware that will send your login information to some hacker in eastern Europe. A complex password won't help avoid this, but frequent password changes might alleviate your risk.
Keep Up with TechRepublic