If you want to know how to choose a password, follow this simple rule: create a long passphrase.
A complex password that is hard to remember will only frustrate users into writing it down, which completely misses the point of having a strong password.
Do you want to choose a password that would take millennia to crack? Choose something like:
How much time is needed to crack such a password?
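One way to put rough numbers on that question, as an added example that is not part of the original post: it compares the average brute-force time for randomly generated passphrases with that of a random 8-character password. The guess rate of 10^10 per second, the 7776-word Diceware list size, the 95-symbol printable ASCII alphabet and the sample word list are all assumptions.

```python
import math
import secrets

# Assumptions (not from the original post): attacker guess rate, list sizes.
GUESSES_PER_SECOND = 1e10          # offline attack on a fast hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600
DICEWARE_WORDS = 7776              # size of the standard Diceware list (6**5)
PRINTABLE_ASCII = 95               # symbols available for a "complex" password

# Constructed mini word list, used only to demonstrate generation.
SAMPLE_WORDS = ["maple", "orbit", "cactus", "velvet", "harbor", "pickle",
                "tunnel", "anchor", "breeze", "copper", "lantern", "meadow"]

def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of `length` independent, uniformly random picks."""
    return length * math.log2(symbols)

def average_crack_years(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Expected brute-force time: half the keyspace is searched on average."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR

def generate_passphrase(words, count: int) -> str:
    """Pick words with a CSPRNG. The entropy math only holds for random
    picks; a quote or lyric chosen by a human is far easier to guess."""
    return " ".join(secrets.choice(words) for _ in range(count))

def compare() -> dict:
    """Map each secret type to (entropy in bits, average years to crack)."""
    cases = {
        "8 random printable characters": entropy_bits(PRINTABLE_ASCII, 8),
        "4 random Diceware words": entropy_bits(DICEWARE_WORDS, 4),
        "6 random Diceware words": entropy_bits(DICEWARE_WORDS, 6),
    }
    return {name: (bits, average_crack_years(bits)) for name, bits in cases.items()}

if __name__ == "__main__":
    print("sample:", generate_passphrase(SAMPLE_WORDS, 6))
    for name, (bits, years) in compare().items():
        print(f"{name:32s} {bits:5.1f} bits  ~{years:,.2f} years")
```

At this assumed rate, four random words are no stronger than eight random characters; it is the length of the passphrase (six words here) that pushes the estimate past millennia.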
On the more technical side, the National Institute of Standards and Technology has recently published its four-volume Digital Identity Guidelines.
Among other guidelines, the published document explains how to choose a password and what works and what no longer works in terms of password protection:
- Complex passwords are not needed. If you want a good password, choose a passphrase.
- Password expiration is an old solution to an old problem. There is no need for a password change unless a compromise took place.
- Let people use password managers.
Of course, a password is better than no password!
What do you think about these updates?