The latest NIST (United States National Institute for Standards and Technology) guidelines on password policies recommend a minimum of 8 characters. Perhaps more interesting is what they recommend against. They recommend against allowing password hints, requiring the password to contain certain characters (like numeric digits or upper-case characters), using knowledge-based authentication (e.g., what is your mother's maiden name?), using SMS (Short Message Service) for two-factor authentication, or expiring passwords after some amount of time. They also provide recommendations on how password data should be stored.
[Ed. Note: Contrary to common practice, I would advocate reading the entire linked article so we can have an informed discussion on the many recommendations in the proposal. What has been your experience with password policies? Do the recommendations rectify problems you have seen? Is it reasonable to expect average users to follow the recommendations? What have they left out?]
(Score: 2) by hemocyanin on Friday August 19 2016, @09:06PM
Have you tried diceware? Similar system but truly random:
http://world.std.com/~reinhold/diceware.html [std.com]
(Score: 2) by Gaaark on Saturday August 20 2016, @12:52AM
I just choose 4-5ish words that have no connection with each other, but that seem to be easy for me to remember.
If i had to rely on dice/random, i might not be able to remember it (i'd probably have a better chance of remembering the dice roll result, lol... numbers seem to be no problem for me: combination locks/door pin numbers/debit card numbers... it all just stays in the head for some reason).
I just choose a bunch of words and find the ones that fit into my brain easily, i guess.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---