My guide is a minimum of 8 characters comprising upper and lower case, numbers and symbols (where the system allows them).
I disagree with “change it often”. If a password is properly secure then there is no need to change it. Some of my internet passwords have been the same for nearly 20 years (in one case) and if you haven’t given it away, written it down or breached it in some other way, then I would suggest keeping it. All changing it does is give help desks work. Don’t keep it forever (my example is extreme), but you get what I mean.
Also do NOT substitute letters for equivalent numbers, e.g. 4 for A or 1 for i.
Don’t use dictionary words – especially where the system will allow infinite tries to guess it.
I would recommend something meaningful to you but garbage to most other people, e.g.
!MHiCiO4iaMG! = !My Hobby is Cars I own four including an MG! – This is a long complex password, but I can remember it.
For a properly random password do a search for diceware – used in some government departments.
Suppose I’d better change my Halifax password now.
Simon Howarth.
<snip>
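The guide in the post above, expressed as a checker. This is an added example, not part of the original post; the small wordlist and the substitution table beyond 4/A and 1/i are constructed assumptions, and a real check would load a full dictionary.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a full dictionary.
WORDLIST = {"password", "halifax", "letmein", "dragon", "monkey", "admin"}

# 4 for A and 1 for i come from the post; the other pairs are common
# substitutions added here as assumptions.
UNDO_SUBSTITUTIONS = str.maketrans(
    {"4": "a", "@": "a", "1": "i", "!": "i", "3": "e", "0": "o", "5": "s", "$": "s"}
)


def character_classes(pw):
    """Report which of the four character classes appear in pw."""
    return {
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }


def dictionary_hits(pw):
    """Wordlist entries found in pw as typed, or after undoing substitutions."""
    typed = pw.lower()
    forms = {typed, typed.translate(UNDO_SUBSTITUTIONS)}
    return sorted(w for w in WORDLIST if any(w in f for f in forms))


def check(pw):
    """Return the list of problems with pw under the post's guide (empty = passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    missing = [name for name, present in character_classes(pw).items() if not present]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    hits = dictionary_hits(pw)
    if hits:
        problems.append("contains dictionary word: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed candidates, plus the mnemonic example from the post.
    for candidate in ["!MHiCiO4iaMG!", "P4ssw0rd!", "H4l1f4x#2024", "dragon"]:
        print(candidate, "->", check(candidate) or "passes")
```

A password such as `P4ssw0rd!` satisfies the length and character-class rules yet is still flagged, because undoing the substitutions recovers the dictionary word.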