Managing passwords and passphrases
Why do most passphrase password hints suggest using the first letter of each word instead of using the whole phrase? I am currently using passphrases consisting of 15 or more characters including spaces. There is only one place that I access that requires an eight character password and it is also limited in what you can use in it. My current passphrase has uppercase, lowercase, special characters, spaces and numbers -- it is fairly easy to remember. When you have more than one in use, does it become harder to manage?
Some people believe that no password or passphrase should contain anything that can be found in a dictionary. Most people have their own opinions regarding the "ideal" password or passphrase and I always recommend aiming for the best practice of "easy to remember yet difficult to guess" and (especially) do what makes the most sense for the business. It sounds like you're on the right track. I wrote more about this topic in a recent SearchWindowsSecurity.com article: Windows password management myths.
This was first published in August 2005