Keep it (really) simple
This tip was submitted to the searchSecurity Tip Exchange by user David Heydecker. Let other users know how useful it is by rating the tip below.
The simplest rules are the best. Make sure that your users know NEVER to write down a password, but to choose an easily remembered one, substituting numbers for equivalent letters, for example (such as the number three for the letter e). Discourage real words and suggest acronyms, such as mMbab1 (make MY bonus a big one). My favorite example of why passwords should never be written down: A company found that a cleaner spent his evening surfing questionable sites -- facilitated by users' passwords written on yellow stickies "hidden" in the top left hand drawer of their desks.
This Content Component encountered an error