From Neal O’Farrell at the Identity Theft Council.
He suggest creating a use a passphrase.
A passphrase is a short sentence that’s easy for you to remember – that describes something about you and your life. Something that a hacker would have a very hard time knowing or guessing.
For example, the phrase could be something like “I graduated from Notre Dame University on June 1st 2002.” Pick the first letter from every word in that phrase, making sure you include the upper and lower case, and keep all the numbers.
That would give you the following password: “IgfNDUoJ1st2002” That’s a massive 15 characters and includes upper and lower case letters and numbers. Change the “I” to the symbol “!” and now you’ve made it even harder to crack.
Clients always ask what our “Minimum Password Requirements Are” First, there isn’t always an “Our” Minimum” , but there is often “Their Minimum” because many systems set their own Minimum. We just pass that information along.
The most common complexity rules say:
A password must not contain:
all or a part of AccountName
all or a part of the email address
the entire Display Name
The password must contain characters from three (3) of the following five (5) categories:
English uppercase letters (A-Z)
English lowercase letters (a-z)
Special characters (e.g. ! $ # %)
Unicode characters that do not fall into one of the above categories (e.g., a Japanese character or Russian letter)
If you follow theses settings, you wont have issues with most password complexity systems!