Tom Merritt at TechRepublic offers five tips for strong passwords:
- 10 characters minimum. The longer the better. A 10-character password takes at least four months to brute force crack, 11 characters takes a decade, 12 characters takes two centuries... So yeah, longer is better.
- Break up common words with random characters. Like a slash after the o in horse, a random number three in between the two ts in battery, or a close bracket before the l in staple. This is a way to use a passphrase which is easier to remember, but makes it much harder to guess.
- Use a number. Put it somewhere beside the beginning or end and don't use the number one. Most people make a password "secure" by adding a one to the end. Likewise, use another special character besides an exclamation mark--most people use an exclamation mark, and the attackers know this.
- Capitalize at random. Yes capital letters make it harder to crack, but most people just capitalize the first letter. Don't do that. Capitalize literally any other letter.
- Use a password manager. Free yourself from having to create these passwords yourself. A good password manager will make randomized passwords that are difficult to crack and it takes the pressure off you.