RE: How to avoid the '500 worst passwords of all time'
I always use an easy to remember sentence, then substitute numbers for one set of the letters.
I might sub 1 for all the "I"s, 0 of "O", 5 of "S" and similar. I like working the word "ate" into it, subbing the singular 8 for the whole word.
I write the sentences out as you would normally, including punctuation. This helps people remember where any capital letters are, at the start and in any proper nouns.
Examples:
Y0u f0rg0t the passw0rd already!?
Who 8 all the 1cecream?
Plea5e don't abu5e thi5 5erver.
If spaces are not allowed I simply eliminate them.
I've yet to have anyone forget their password/phrase. Most of them are wireless keys btw. I'll make a much shorter statement for windows user passwords, for eg:
B0nny r0ck5!
If you make the phrase appropriate to the user (or deployment) you don't have to write it down, just the nature of the substitution(s) o - 0, s - 5 for to above example.
