[From the archives - 2008. Updated for 2014.]
Many years ago I had occasion to visit a bank headquarters on a programming job. We went into a secure computer room and I noticed a computer terminal on a table all by itself in the middle of the room. My host said that this was the sole access point to look at account information for any of their customers and that I shouldn't touch it. And there, scotch-taped to a pole next to the table, were the login instructions with the incredibly complex password needed for access. Nobody could ever remember it, so they had written it down for reference.
I was reminded of this blast from my past while working on a client webinar. They had set up their conference in Microsoft Live Meeting and let the software default to picking the attendee password for the event. If you do that, Microsoft chooses a password comprised of upper and lowercase letters, numeric digits, and punctuation marks. So all attendees were supposed to log in using something like qP{4,X as their password.
The problem with a password like this is that it makes your event less secure, rather than more so. Passwords of this sort are designed to thwart "brute force" hacking programs that try sets of common words and birthdates in an attempt to access a protected area. Do you really think a competitor is going to programatically attempt to break in to your meeting with a sophisticated password hacking generator? No, they are going to look for a piece of paper with the entry password written on it. That is the method of choice for the vast majority of security breaches in the world.
The fact is that using the same event-level password for all attendees is not a security feature... It's just something to inconvenience people who stop by to see if they can easily log in without an invitation. Once you've emailed the same password to all registrants and told them that this is how to access the event, security ceases to be a factor. Any one of them can email the instructions to anyone else they want to give access to. You might as well make their lives easier by giving them a code word that is easy to remember.
Try to stay away from characters that are easy to confuse with each other. The number 1 can look like a lowercase l or uppercase I depending on the font. The number 0 can easily look like the letter O.
Event security starts to make more sense when you give registrants their own individual login ids and passwords. If you are responsible for creating each user's password, try to make it easy enough for each person that they don't have to write it down and stick it to the side of their computer! If users are allowed to make their own passwords, turn off advanced security settings that force them to use a combination of upper/lower case, punctuation and numbers.
Honestly, in most cases the fact that you have a password of any sort is enough to keep the unwanted away. Think about the reality of your security needs… Unless you are sharing sensitive information that could severely impact your organization in the event of an unexpected attendee, you are usually better off making attendance more convenient for the people you do want.
