Horse Battery Staple is Correct After All
The password advice we all hate - upper and lower case, numerals and punctuation, change it frequently - is wrong. We knew this in our guts, but now Bill Burr, the original author of the NIST report that started it all in 2003, has recanted.
So now, we're back to this.
![](https://kahomono.com/media/posts/999/password_strength.png)
The Electronic Frontier Foundation publishes word lists you can use for this. They recommend picking the words with dice, which keeps your picks safe from any compromise of your system. If you're a little less paranoid about it, you can use this Google sheet I have prepared from the SOWPODS word list.
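To make the dice method concrete, here is an added example (not part of the original post, and not EFF code) that reads a list in the EFF layout of dice key, tab, word, and turns rolls into a pass phrase. The six-word list is constructed for the demo and the function names are hypothetical; the real EFF large list has 7776 entries keyed by five dice.

```python
import math
import secrets

# Constructed one-die sample in the EFF file layout: dice key, TAB, word.
SAMPLE_LIST = "1\tcorrect\n2\thorse\n3\tbattery\n4\tstaple\n5\tlantern\n6\torbit\n"
FACES = set("123456")

def load_wordlist(text):
    """Parse 'key<TAB>word' lines; return ({key: word}, dice per word)."""
    table = {}
    for line in text.splitlines():
        if line.strip():
            key, word = line.split()
            if set(key) - FACES:
                raise ValueError(f"bad dice key: {key!r}")
            table[key] = word
    if not table:
        raise ValueError("empty word list")
    n_dice = len(next(iter(table)))
    # A list with missing outcomes would silently shrink the search space.
    if len(table) != 6 ** n_dice or any(len(k) != n_dice for k in table):
        raise ValueError("word list does not cover every dice outcome")
    return table, n_dice

def words_from_rolls(rolls, table, n_dice):
    """Map physical dice rolls typed as digits (spaces allowed) to words."""
    rolls = "".join(ch for ch in rolls if not ch.isspace())
    if len(rolls) % n_dice or set(rolls) - FACES:
        raise ValueError("rolls must be digits 1-6, n_dice digits per word")
    return [table[rolls[i:i + n_dice]] for i in range(0, len(rolls), n_dice)]

def random_rolls(n_words, n_dice):
    """Software dice from the OS CSPRNG, for the less paranoid route."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_words * n_dice))

def entropy_bits(n_words, list_size):
    """Bits of entropy when each word is picked uniformly and independently."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    table, n_dice = load_wordlist(SAMPLE_LIST)
    print(" ".join(words_from_rolls(random_rolls(4, n_dice), table, n_dice)))
    print(f"4 words from a 7776-word list: {entropy_bits(4, 7776):.1f} bits")
```

The entropy figure only holds when the words come from dice or a CSPRNG; words a person chooses "at random" do not qualify.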
Finally... DON'T change the pass phrase you make, unless you have a positive reason to believe it's been compromised. Changing passwords on a regular schedule makes people tend to use predictable passwords. And no good can come of that!