The evergreen topic, because most corporate IT I’ve worked with is now insisting on new passwords every 90 days. And people who use the same password with a rolling number at the end just grate on my nerves. Very smart people, some of them, but misguided.
Our latest requirement is 8 characters (can it be more? doesn’t say it can. Probably. Check it.)
Upper and lower case letters, numeric symbols (0-9), punctuation (:,.!(){}[]) and Special, i.e. Shift-Number: !@#$%^&*, etc.
So let’s take my birthday, which I have never used for a password, and see what we can do:
October91956 – more than 8 characters, but that’s ok. Needs punctuation or specials or both.
I’ve read that starting with a capital letter and ending with a 4-digit number are so common that malefactors expect to find them. So let’s not give them either.
()ctober9!(%^ – 4 out of 5, no capital letters, but lowers, a numeral, special and punctuation.
0ct()beRgIgsG isn’t bad
RoktuberIX56 isn’t bad either.
Remember to start with something you’ll never forget, that you can remember how you transformed, and that you can write a perfectly understandable plain-text hint for and leave somewhere you can see it any day, without revealing a thing.
“Geologic Birthday” would be good for RoktuberIX56…
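
The checks walked through above can be run mechanically. The following is an added example, not part of the original post: it reports which of the five character classes a candidate contains, flags the capital-first and 4-digit-ending habits, and detects a "rolling number" change between an old and a new password. The function names, the inclusion of ( and ) in the Shift-Number set (US keyboard) and the Summer!Rain pair are assumptions made for illustration.

```python
import re

# Character classes as the post lists them. The post writes the Shift-Number
# set as "!@#$%^&*, etc."; including ( and ) assumes a US keyboard layout.
PUNCTUATION = set(":,.!(){}[]")
SPECIAL = set("!@#$%^&*()")
MIN_LENGTH = 8  # the post's stated minimum


def classes_present(pw):
    """Return the names of the five classes that appear in pw."""
    checks = {
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "punctuation": any(c in PUNCTUATION for c in pw),
        "special": any(c in SPECIAL for c in pw),
    }
    return [name for name, hit in checks.items() if hit]


def predictable_shape(pw):
    """Flag the two habits the post says malefactors expect to find."""
    flags = []
    if pw[:1].isupper():
        flags.append("starts with a capital")
    if re.search(r"\d{4}$", pw):
        flags.append("ends with 4 digits")
    return flags


def is_rolling_variant(old, new):
    """True when old and new differ only in a trailing run of digits."""
    stem_old = re.sub(r"\d+$", "", old)
    stem_new = re.sub(r"\d+$", "", new)
    return old != new and stem_old != "" and stem_old == stem_new


def report(pw):
    return {
        "long_enough": len(pw) >= MIN_LENGTH,
        "classes": classes_present(pw),
        "predictable": predictable_shape(pw),
    }


if __name__ == "__main__":
    for pw in ["October91956", "()ctober9!(%^", "0ct()beRgIgsG", "RoktuberIX56"]:
        print(pw, report(pw))
    # Constructed pair showing the rolling-number habit.
    print(is_rolling_variant("Summer!Rain7", "Summer!Rain8"))
```

Because ! ( and ) sit in both the punctuation and the Shift-Number sets, a single character can satisfy two classes at once, which is how ()ctober9!(%^ reaches 4 out of 5.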