The true enemies of secure passwords are restrictive and inconsistent policies. The example password above would qualify for most password policies but not for all. I have seen policies that state that the password must be in between 5 and 8 characters. I have also seen many systems where only the first 8 characters were used, regardless of the true length of the password.

In my own workplace we have several inconsistent password policies. (There’s actually only one, officially mandated policy but every department implements it differently.)

Some passwords must be changed monthly, some every three months. Some are unrestricted, some must have at least one capital and at least one number, one must have **two** numbers… no more, no less and won’t accept any “special” characters although no one has defined what “special” characters are and finally some must have all of the above **and** special characters.

My only saving grace is that I **can** remember lots of horribly complex passwords.

Anyway, enough of my rant. Nice suggestions and a very good password choosing guide for anyone with a sane workplace.