Don't use your own name as a login name in any form (as-is,
reversed, capitalised, doubled, etc).
Don't use the name of your spouse or child in any form.
Don't use other information that might be easily obtained about you.
This includes ID card numbers, license numbers, telephone numbers, birth dates, the name of
the street you live on, and so on.
Don't use a password that contains all digits, or all the same
Don't use consecutive letters or numbers like "abcdefgh" or
Don't use adjacent keys on the keyboard like "qwertyui".
Don't use a word that can be found in an English or foreign language
Don't use a word in reverse that can be found in an English or
foreign language dictionary.
Don't use a well-known abbreviation e.g. HKSAR, HKMA, MTR.
Don't reuse recently used passwords.
Don't use the same password for everything. Have one password for
non-critical activities and another for sensitive or critical activities.
Don't write down your password, particularly anywhere near your
computer or file it in a box file with the word 'password' written on it.
Don't tell or give out your passwords to other people, even for a
very good reason.
Don't display your password on the monitor.
Don't send your password unencrypted, especially via email.
Avoid using the "remember your password" feature associated with some
websites, and disable this feature in your browser software.
Don't store your password on any media unless it is protected from
unauthorised access (e.g. encrypted with an approved encryption method).