Choosing a good password is always a problem. The essential tension is that a good password should be easy to remember, yet hard to guess. Most people err on one side or the other. Most people choose passwords that are too easy to guess, such as the name of their spouse or pet. Any word in the dictionary makes for a quick security breach. We have other vendors who send us passwords like 8#{aUv7. Yes, it's hard to guess, but also impossible to remember, guaranteeing that it'll have to be written down, copied, pasted, stored, and generally left laying about. Here's some hints of forming usable passwords:

NIST standards call for users to change their passwords every 90 days. This is commonly accepted wisdom in the security community, but I remain dubious. I think one well-chosen, well-guarded password is better than a string of mediocre passwords that change so often the user has to write them down to remember which one they're using at the moment.


In closing, have fun with the idea.