Doing this project for my work, which requires me to crack passwords from a long list of users, has taught me a lot of general things about passwords. I’ve actually figured out 600 745 of the 2000 passwords from users just because they were pretty weak passwords.
Passwords that are dictionary words (or several words stuck together) are easy to crack, because a wordlist and a few word-combining rules are the first thing any cracker runs. Never use your username, facts about you that are easy to look up, “password”, or the name of the site the account is on. Purely alphabetic or purely numeric passwords fall quickly too. Mixing letters and digits helps a little, but something like “animal1” won’t get you far: appending a digit or two to a dictionary word is one of the most common rules a cracking tool applies. Short passwords (under about 6 characters) are also easy, since a cracker can simply try every possible combination of that length.
The best password is something that’s really random, which not even your closest friends could guess. A rarely used word, such as an exotic animal, food, action, or tool, is a reasonable starting point, because common wordlists are built from frequent words. I would then add several digits to one side of the word that you can remember but that are not public (a license plate or birth year is no good). Capitalize a letter or two in the word, and maybe change some letters to symbols (a -> @, T -> 7, A -> ^, S -> $). If you don’t replace letters with symbols, put some before, after, or in the middle of the password. One caveat: every one of these tricks (capitalizing the first letter, the usual letter-to-symbol swaps, digits tacked on the end) is a standard rule in cracking tools, so on their own they add far less strength than they appear to; what really raises the cost of cracking is length and genuine randomness. Finally, use a different password for each account if at all possible, so that one cracked password does not open everything else.
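To show concretely why the weak patterns in the two paragraphs above fall so quickly, here is a small rule-based cracker written for this post as an added example (it is not the author’s tool and not the code behind the 2000-password job). It takes a constructed six-word wordlist, applies exactly the mutations discussed (capitalization, the a/@, A/^, T/7, S/$ style substitutions plus o/0, and a numeric suffix of up to three digits) and checks every candidate against a constructed set of unsalted SHA-256 hashes. The four passwords built from a dictionary word are recovered in well under a second; the long, random-looking one is not. The wordlist, the sample passwords and the hash function are all assumptions for the demonstration: real dumps use other hashes and real crackers use far larger wordlists and rule sets, which only makes the point stronger.

```python
import hashlib
import itertools

# Constructed sample data for this example (not a real dump): a tiny wordlist
# and the SHA-256 hashes of five made-up passwords.
WORDLIST = ["password", "animal", "elephant", "monkey", "welcome", "dragon"]

SAMPLE_PASSWORDS = [
    "animal1",                    # dictionary word + one digit
    "Elephant42",                 # capitalized word + two digits
    "P@$$w0rd",                   # capitalized word with symbol substitutions
    "MONKEY777",                  # upper-case word + three digits
    "zebra-quartz-lantern-8291",  # long and not one dictionary word: expected to survive
]

# The letter-to-symbol swaps suggested in the text (plus lower-case forms and o/0).
# Every one of these is a standard rule in cracking tools such as hashcat and John.
LEET = {"a": "@", "A": "^", "s": "$", "S": "$", "t": "7", "T": "7", "o": "0", "O": "0"}


def sha256_hex(text: str) -> str:
    """Unsalted SHA-256, chosen only so the example runs offline and fast."""
    return hashlib.sha256(text.encode()).hexdigest()


# Hashes the cracker is given; it never sees SAMPLE_PASSWORDS directly.
TARGET_HASHES = {sha256_hex(p) for p in SAMPLE_PASSWORDS}


def case_variants(word):
    """The three capitalizations people actually use."""
    return {word, word.capitalize(), word.upper()}


def leet_variants(word):
    """Every combination of 'swap this letter for its symbol' or 'leave it'."""
    choices = [(c, LEET[c]) if c in LEET else (c,) for c in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def suffix_variants(word, max_digits=3):
    """The word itself, then the word followed by 0..999 (no leading zeros)."""
    yield word
    for n in range(10 ** max_digits):
        yield word + str(n)


def candidates(wordlist):
    """Apply the rules in sequence: case, then symbols, then numeric suffix."""
    for base in wordlist:
        for cased in case_variants(base):
            for swapped in leet_variants(cased):
                yield from suffix_variants(swapped)


def crack(target_hashes, wordlist=WORDLIST):
    """Return {hash: plaintext} for every target hash the rule set recovers."""
    remaining = set(target_hashes)
    found = {}
    for cand in candidates(wordlist):
        h = sha256_hex(cand)
        if h in remaining:
            found[h] = cand
            remaining.discard(h)
            if not remaining:
                break
    return found


if __name__ == "__main__":
    results = crack(TARGET_HASHES)
    for h in TARGET_HASHES:
        print(h[:12], "->", results.get(h, "(not cracked)"))
```

Note that the cracker only needed about a hundred thousand candidates in total to recover four of the five hashes, and that “P@$$w0rd” fell just as fast as “animal1”, because the substitutions are themselves part of the rule set. The fifth password survives not because it uses stranger characters but because it is long and is not a single dictionary word with predictable decoration.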