What about generating a random set of characters, including numerals and punctuation? Not so good either, since several of us would write that password on a post-it note and leave it in a "secret" hiding spot near the computer because we can't remember it. How secure is that going to be? Toss the sticky note, and we'd forget the password.
One author, Thomas Baekdal, advises in his article "The Usability of Passwords" to use a phrase you can remember, something like "thisisfun". He offers mathematical justifications for using phrases rather than single words, as computer algorithms can crack any single word much faster than a phrase.
A few rules you may want to consider for your passwords:
- Use a phrase you can remember, at least 3 words in length
- Don't write it on a post-it note
- Change your password every so often
- It's probably not a good idea to use the same password for every single account
- Don't use easy-to-type keystroke runs like "asdfg"
- Substitute punctuation or numerals for letters, as in "thisi$fun"
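To make the word-versus-phrase arithmetic and two of the rules above concrete, here is an added example (it is not from Baekdal's article or from this post). The tiny word list, the 100,000-word dictionary size and the function names are assumptions, and the size estimate is an upper bound that only holds when the words are picked at random.

```python
import math

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"this", "is", "fun", "password", "i", "a"}
DICT_SIZE = 100_000  # assumed number of words an attacker's dictionary holds
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo common look-alike substitutions before looking words up.
SUBS = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i", "3": "e"})

def is_keyboard_walk(pw, min_run=4):
    """True if pw contains min_run neighbouring keys of one row, in either direction."""
    for row in KEY_ROWS:
        for keys in (row, row[::-1]):
            for i in range(len(keys) - min_run + 1):
                if keys[i:i + min_run] in pw.lower():
                    return True
    return False

def split_words(pw):
    """Fewest-word split of pw into WORDS (substitutions undone), or None."""
    s = pw.lower().translate(SUBS)
    best = [None] * (len(s) + 1)
    best[0] = []
    for end in range(1, len(s) + 1):
        for start in range(end):
            if best[start] is not None and s[start:end] in WORDS:
                cand = best[start] + [s[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(s)]

def phrase_bits(pw):
    """log2(DICT_SIZE**k) for k words, reached only if they are picked at random."""
    words = split_words(pw)
    return len(words) * math.log2(DICT_SIZE) if words else None

def review(pw):
    """List which of the rules checked here the password breaks."""
    problems = []
    words = split_words(pw)
    if is_keyboard_walk(pw):
        problems.append("keyboard walk")
    if words is None or len(words) < 3:
        problems.append("fewer than 3 known words")
    return problems

if __name__ == "__main__":
    for pw in ("password", "asdfg", "thisisfun", "thisi$fun"):
        print(pw, phrase_bits(pw), review(pw))
```

Because the substitution is undone before the lookup, "thisi$fun" scores the same as "thisisfun": the swap adds nothing against a dictionary that knows the same substitutions.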
Not only should we practice these protocols, we also need to teach them to our students.