Description

Access to confidential information on computers is restricted to persons with authorized passwords. The proper choice of passwords as well as behavioral practices can make this an effective deterrent to unauthorized access.


 

Features of "good" passwords:

(1) length: from 5 to 8 characters

(1a) If too short, then it is feasible to try all combinations.

(1b) If too long, then there may be too many problems in reliably entering the password.

(2) not predictable based on knowledge of the person

(2a) birthdates, phone number, social security number, etc. of person or family members

(2b) nicknames or initials

(2c) name of pets

(2d) hobbies

(3) some suggestions

(3a) joining small words

(3b) private misspellings

(3d) addition of numbers at the beginning, end or in the middle

(4) not so complex that it is impossible to remember. While a highly random jumble may be hard to guess, it is also more likely to cause problems for the owner.

(5) Do not use a single word as spelled in a dictionary, since a hacker could sequence through a computerized dictionary.

 

In general, anything that makes all or part of the password predictable limits its effectiveness. Knowing a single element and its location reduces the possible password combinations 36-fold (26 letters and 10 numbers).
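The following is an added example, not part of the original text: it checks a candidate password against features (1), (2) and (5) above and computes how the number of combinations shrinks when characters and their positions are known. The function names, the "Rex" and birthdate facts and the small word list are constructed for illustration.

```python
import re

ALPHABET_SIZE = 36  # 26 letters + 10 digits, the count used in the text


def keyspace(length, known_positions=0):
    """Number of candidate passwords when some characters and their
    positions are already known to the guesser."""
    if not 0 <= known_positions <= length:
        raise ValueError("known_positions must be between 0 and length")
    return ALPHABET_SIZE ** (length - known_positions)


def fact_tokens(personal_facts):
    """Break facts such as 'Rex' or '1985-03-12' into lowercase letter and
    digit runs. Assumption: runs shorter than 3 characters (for example
    two-letter initials) are skipped to avoid flagging nearly everything."""
    tokens = set()
    for fact in personal_facts:
        tokens.update(t for t in re.findall(r"[a-z]+|\d+", fact.lower())
                      if len(t) >= 3)
    return tokens


def check_password(password, personal_facts, dictionary):
    """Return the features from the list above that the password breaks.
    `dictionary` is expected to hold lowercase words."""
    pw = password.lower()
    problems = []
    if not 5 <= len(password) <= 8:                             # feature (1)
        problems.append("length")
    if any(tok in pw for tok in fact_tokens(personal_facts)):   # feature (2)
        problems.append("personal")
    if pw in dictionary:                                        # feature (5)
        problems.append("dictionary")
    return problems


if __name__ == "__main__":
    facts = ["Rex", "1985-03-12"]             # constructed sample data
    words = {"garden", "password", "window"}  # constructed sample word list
    for candidate in ["rex1985", "garden", "ab1", "tinkat42"]:
        print(candidate, check_password(candidate, facts, words))
    for n in range(5, 9):                     # lengths recommended in (1)
        print(n, keyspace(n), keyspace(n, known_positions=1))
```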

 

Good password practices:

(1) Change password periodically (every 3-6 months, more often in critical areas).

(2) Change the password if you suspect it has been compromised.

(3) Do not share password with others.

(4) Do not post the password where it can be seen by others.

(5) Do not discuss features of the password used.

(6) If it is written down, keep it where it is not accessible to others, preferably in coded form.

(7) Do not allow vendors or service engineers to use "standard" passwords.

 

