Stavros Korokithakis has a nice post on choosing and securing passwords. Although his recommendations won’t come as news to Irreal readers, the post is still worthwhile because he explains the reasons behind his recommendations. Even more useful—especially for your Aunt Millie—is a list of ways to keep your password secure.
The end of his post is a “Best Practices Summary” that lists 6 rules for picking and securing your passwords. If everyone followed the advice in that list, password crackers would be pretty much out of business.
Of course, crackers needn’t fear imminent unemployment. If you follow the Dropbox link in Korokithakis’ post, you’ll see that in one study of 6 million passwords, 99.8% of them were in the top 10,000 list and 91% were in the top 1,000 list. As Korokithakis points out, you needn’t outrun the bear, only the other guy the bear is chasing. With statistics like that, it won’t be hard.