*blow dust off old thread* That password checker is lame... qwerty123 - medium qwerty123! - strong 2135468712316548943212313546879242135497 - weak Say wha?!
Not really, most of the example is far from being: You are better off NOT using any "predictable" combinations in the overall password...
For practicality, a (*) char included, three word passphrase, five or more for financial. Mind you, _oogle sits alongside JS enabled!
Update from June 2007. (boy this thread has been around a while) On security aware sites I now use 10 characters.
I am trying to get out of the habit of using the same password for every website. I actually do use 8, its weird how that is the most used =)
OH, I like that passphrase site and the Password Recovery Site! Good to know, unless I live to be at least 1000, I'm doing it right! I wish we could use that passphrase site at work, comin up with new passwords every month for every prog we use, is a drag...
6-10, voted 8 But I periodically generate a new one in Roboform to the max length for secure sites and use substitution to come with a new 15-20 digit one periodically for Windows on home systems.
I currently have 3 passwords on the go (some accounts created years ago still have the same weak password). For websites like these I use a password of less than 10 characters long. For important accounts I use a password of 20+ characters long.