Quote: So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle.
Even something lower down on PRTK's dictionary list -- the seven-character phonetic pattern dictionary -- together with an uncommon appendage, is not going to be guessed. Neither is a password made up of the first letters of a sentence, especially if you throw numbers and symbols in the mix.
The above paragraphs are lifted from the middle of the linked article as the advice for choosing "hard to guess" passwords (which seems to indicate that the attack software described by the author would have to go to its sixth and seventh set of generating tools to get them). Also, the first paragraph I quoted is something similar to the guidelines implemented by the IT folks at my company...
Passwords must meet three of the following four criteria:
1) contains 3 or more lower case letters
2) contains 3 or more upper case letters
3) contains 1 or more special characters (@, #, $, %, &, !, ,, ., and ? are acceptable; \, /, and * are not)
4) contains 1 or more numbers
Passwords must be reset every 2 months, and cannot be the same as any of your last 3 passwords.
The things I always try to avoid are things that everyone knows about me, like my wife's name, my son's name, etc. These sorts of things are very easy to remember, and very easy to guess. They also seem like things that would be common in the passwords of grandparents and non-savvy folks who would be likely to have a document somewhere in their email of all their bank accounts, etc. Not that I know anyone like that...
/forwards article on to his own parents/
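As an added example (not code from the post, the linked article, or PRTK), here is a small Python checker that implements the company's "three of four criteria" rule exactly as the post lists it, and beside it a check for the root-plus-appendage shape the quoted article says a cracker tries first. The root and appendage lists are tiny constructed stand-ins for the real dictionaries, the substitution table is an assumed set of common leet swaps, and the assumption that the cracker tries a root in lowercase, initial-capital and all-caps form (but not mixed case inside the root) is mine, drawn from the quoted advice rather than stated on the page. The point a practitioner wants from running it: several passwords that satisfy the policy still fit the root-plus-appendage pattern, while a first-letters-of-a-sentence password with a digit and symbol in the mix passes the policy and does not.

```python
"""Password checks for the quoted policy and the root+appendage pattern.

Added illustration; not code from the original post, the article, or PRTK.
"""

# Special characters the post's company policy accepts and rejects.
ALLOWED_SPECIALS = set("@#$%&!,.?")
FORBIDDEN_SPECIALS = set("\\/*")

# Constructed stand-ins for the dictionary "root" and "appendage" lists the
# quoted article describes. Real cracking dictionaries are far larger.
COMMON_ROOTS = {"password", "summer", "welcome", "dragon", "letmein", "michael"}
COMMON_APPENDAGES = {"1", "12", "123", "!", "1!", "2024", "007", "#1"}

# Assumed set of "common substitutions" the article says are undone automatically.
_UNLEET = str.maketrans(
    {"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"}
)


def complexity_criteria(pw):
    """The four criteria from the post, each as a boolean."""
    return {
        "lower3": sum(c.islower() for c in pw) >= 3,
        "upper3": sum(c.isupper() for c in pw) >= 3,
        "special1": any(c in ALLOWED_SPECIALS for c in pw),
        "digit1": any(c.isdigit() for c in pw),
    }


def meets_policy(pw):
    """Company rule: three of the four criteria, and no forbidden characters."""
    if any(c in FORBIDDEN_SPECIALS for c in pw):
        return False
    return sum(complexity_criteria(pw).values()) >= 3


def _is_dictionary_root(root):
    """True if root is a listed root after undoing common substitutions, in
    lowercase, Initial-capital or ALL-CAPS form. Mixed case inside the root
    (the article's advice) deliberately does not match. That a cracker tries
    exactly these three case patterns is an assumption, not from the page."""
    plain = root.translate(_UNLEET)
    return any(plain in (r, r.capitalize(), r.upper()) for r in COMMON_ROOTS)


def root_plus_appendage(pw):
    """Return (root, appendage) if pw is <root><appendage>, <appendage><root>
    or a bare dictionary root from the constructed lists; otherwise None."""
    if _is_dictionary_root(pw):
        return (pw, "")
    # Longest appendages first so "1!" wins over "!".
    for app in sorted(COMMON_APPENDAGES, key=len, reverse=True):
        if pw.endswith(app) and _is_dictionary_root(pw[: -len(app)]):
            return (pw[: -len(app)], app)
        if pw.startswith(app) and _is_dictionary_root(pw[len(app):]):
            return (pw[len(app):], app)
    return None


def assess(pw):
    """Both checks together: does it pass the policy, and does it still look
    like something a dictionary cracker would generate early?"""
    return {"policy_ok": meets_policy(pw), "root_appendage": root_plus_appendage(pw)}


if __name__ == "__main__":
    # Constructed sample passwords; "Tqbfj0tlD!" is first letters of
    # "The quick brown fox jumps over the lazy Dog" with a 0 and ! mixed in.
    samples = ["Password1!", "P@$$w0rd123", "Dr4g0n#1", "paSSwoRd1!",
               "Summer2024", "Tqbfj0tlD!", "hello/world"]
    for pw in samples:
        print(f"{pw:14} {assess(pw)}")
```

Note that "Password1!", "P@$$w0rd123" and "Dr4g0n#1" all satisfy three of the four criteria yet decompose into a listed root plus a listed appendage, while "paSSwoRd1!" (case mixed inside the root, as the article suggests) and the sentence-initials password do not decompose, and "Summer2024" is rejected by the policy only because it has no special character.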