Mark Burnett dissects the TSA’s password policy and recommends this one instead:
So what would I use as the ultimate password policy? If I was ever in the position to set an organization’s policy, and it required a much higher than normal security, it would be this:
- Minimum password length is 15 characters but can contain anything you want including spaces.
- Your new password shouldn’t look too much like your last one.
- Don’t reuse this same password anywhere else.
Then, I would provide a short list of example passwords to spark their creativity such as this:
- C:program filesgreen
- 1-800-orange piano
Link: Worst Password Policy Ever? « Xato via xato.net
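
An added sketch of how the first two rules in the quoted policy could be checked at password-change time, when the user has just typed the current password (this is not code from Burnett's post; the function names and the 0.6 similarity threshold are assumptions, since the policy gives no number):

```python
import unicodedata

MIN_LENGTH = 15         # from the quoted policy
MAX_SIMILARITY = 0.6    # assumption: the policy only says "not too much like"


def _normalize(pw):
    # Fold case and Unicode forms so "Piano" and "piano" compare as equal.
    return unicodedata.normalize("NFKC", pw).casefold()


def _edit_distance(a, b):
    # Levenshtein distance using two rows of the dynamic-programming table.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def similarity(old, new):
    # 1.0 means identical after normalization, 0.0 means nothing in common.
    a, b = _normalize(old), _normalize(new)
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - _edit_distance(a, b) / longest


def check_new_password(current, candidate):
    """Return a list of policy violations; an empty list means accepted.

    No character-set rule is applied: the policy allows anything,
    including spaces. The third rule (no reuse elsewhere) cannot be
    checked from inside one system and is left to the user.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if similarity(current, candidate) > MAX_SIMILARITY:
        problems.append("too similar to current password")
    return problems
```

The comparison needs the current password in plaintext, so it only works inside the change-password request itself; a stored hash cannot be compared for similarity.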