This is a great article from the October newsletter of my friends at Onsite Computer Specialists. This is stuff I honestly didn't know, and that I found very useful. So I'm passing it on!
How to Create a Strong Password You'll Actually Remember
Pop quiz: See if you can guess which password is more secure -- Tr0ub4dor&3 or correcthorsebatterystaple. The first password is a jumble of letters (both uppercase and lowercase), numbers and characters, with a few numbers substituting for letters. The second is a string of four common words -- correct horse battery staple.
So. Which is the better password? Keep in mind that hackers can design programs to run thousands of password guesses per second....
If you picked the second one -- the string of common words -- give yourself a gold star! It's the stronger, more secure password. It's also easier to remember than the first. And it goes against all of the password advice we've been given to date.
"Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess," writes Randall Munroe, mathematician and creator of the brilliant XKCD.com, "a webcomic of romance, sarcasm, math, and language."
According to Munroe's calculations, the jumbled password could be cracked in about three days by a program running 1000 guesses a second -- child's play, in other words. The same program would need 550 years to guess the second password, which has roughly 44 bits of entropy (compared to the other's 28).
What does this mean to you? It means you can stop picking (and forgetting) gobbledygook passwords. Instead, choose a few generic words (avoid proper nouns like your dog's name or your hometown) and commit them to memory. Time required? Less than a minute. Brain cells required? Very few. Now your passwords are stronger AND easier to remember.