“With a strong password, there is little to be gained having to change it every few months,” says password security expert and author of Perfect Passwords Mark Burnett. “Six months to a year will result in a better experience for users and allow for stronger passwords.” Just imagine the sanity gained by going a whole year without a single password-change prompt. Think of the morale boost alone!Microsoft's criteria for a strong password:
Your humble observer keeps his passwords, handwritten, on ten pages of notepad. Yes, he is aware that various services will keep track of all of one's passwords, but he is fearful of them being hacked, too.
Is at least seven characters long. Does not contain your user name, real name, or company name. Does not contain a complete dictionary word. Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3 ...) are not strong. Contains characters from each of the following four groups:
---Symbols found on the keyboard (all keyboard characters not defined as letters or numerals)
An example of a strong password is J*p2leO4>F.
Only the paranoid survive. --Andy Grove, Intel founder