Apparently passwords are no longer in style. One of our loving friends at Micro$oft posted this blog entry. To summarize, he says “use pass phrases”. Apparently Windoze 2k/XP/2k3 all support 127-character ‘passwords’. So instead of one pseudo-random password that’s only 8-10 characters, you should have a 30-character pass phrase, because after about 14 characters it gets very difficult very fast to brute force.
I personally use a 15-25 character password, but I never thought of it as a pass phrase. To complement Robert Hensing’s method (he says to use symbols like anything you would normally see in a sentence), I suggest replacing random letters (even if it is in l337 style) and spaces with numbers or other symbols. It may make the pass phrase a tiny bit more difficult to remember, but it makes it a lot more difficult to crack.
All lower case letters = 26
All uppercase letters = 26
Symbols = 32
Numbers = 10
Total = 94 possibilities
(I hope the following math is right) A 20-character password drawn from 94 typeable characters = 2.90106E+39 possibilities. Compare this to your standard 8-character password at 6.09569E+15 possibilities. Or how about 30 characters? 1.56256E+59 possibilities.
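The figures above can be checked, and the same arithmetic applied to a real pass phrase, with the following added example (not part of the original post). It goes one step beyond the post by also counting candidates when an attacker guesses whole words instead of characters; the sample pass phrases and the 7776-word list size are assumptions made for illustration.

```python
import math
import string

# Character classes from the post: 26 + 26 + 32 + 10 = 94 typeable characters.
# Space is not one of the 94, so it is not counted here.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "symbols": string.punctuation,  # the 32 ASCII symbols
    "digits": string.digits,
}

def alphabet_size(password):
    """Sum the sizes of the character classes the password actually uses."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def keyspace(length, alphabet=94):
    """Candidates a character-by-character brute force must cover."""
    return alphabet ** length

def word_keyspace(words, wordlist_size):
    """Candidates when the attacker guesses whole words from a known list."""
    return wordlist_size ** words

def report(password):
    """Keyspace for this password, given only the classes it draws from."""
    a = alphabet_size(password)
    n = keyspace(len(password), a)
    return {"length": len(password), "alphabet": a,
            "keyspace": n, "bits": round(math.log2(n), 1)}

if __name__ == "__main__":
    # The three lengths quoted in the post, all 94 characters in play.
    for n in (8, 20, 30):
        k = keyspace(n)
        print(f"{n:2d} chars of 94: {k:.5E} ({math.log2(k):.1f} bits)")

    # Constructed sample pass phrases (assumptions, not from the post).
    for pw in ("correcthorsebatterystaple", "My_d0g_ate_3_sh0es!"):
        print(pw, report(pw))

    # Assumption: four words picked from a 7776-word list. Guessing by word,
    # this is a smaller search than an 8-character random password.
    print(f"4 words of 7776: {word_keyspace(4, 7776):.5E}")
```

Length only buys the full 94^n keyspace when the characters are unpredictable; the symbol and number substitutions suggested above are what push a phrase away from the much smaller word-based count.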