Almost everything you thought you knew about passwords is probably wrong. That's the gist of a Wall Street Journal article describing new recommendations published earlier this summer by the National Institute of Standards and Technology (NIST).
Forget the gibberish of letters, numbers and symbols, say the authors of the new recommendations. Use four words you can remember, but avoid obvious ones such as "password" or close variations of it.
The new NIST recommendations also drop the suggestion that passwords need to be changed on a regular basis. Changes only need to be made when a password may have been stolen.
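A sketch of a password check that follows the three points above: no character-class rules, rejection of obvious words and their close variations, and a forced change only on suspected theft. It is an example added here, not code from NIST or the article. The function names, the sample blocklist and the minimum length are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment would load a large set of
# common and previously breached passwords.
BLOCKLIST = {"password", "letmein", "qwerty", "welcome"}

# Common character substitutions, undone so "P@ssw0rd" compares as "password".
SUBSTITUTIONS = str.maketrans("@4031$5!7", "aaoelssit")

MIN_LENGTH = 12  # assumption for this example, not a figure from the article


def variants(token):
    """Bare-letter forms of a token, with and without edge decoration."""
    token = token.lower()
    # Drop leading/trailing digits and symbols ("password2017!" -> "password").
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", token)
    return {
        re.sub(r"[^a-z]", "", t.translate(SUBSTITUTIONS))
        for t in (token, trimmed)
    }


def check_password(candidate):
    """Return (accepted, reason). No character-class rules are applied."""
    if len(candidate) < MIN_LENGTH:
        return False, "too short"
    tokens = [t for t in re.split(r"[\s\-_.]+", candidate) if t]
    # Reject when every word is an obvious one or a close variation of it.
    if all(variants(tok) & BLOCKLIST for tok in tokens):
        return False, "obvious word or close variation"
    return True, "ok"


def must_change(age_days, suspected_stolen):
    """Age alone never forces a change; suspected theft does."""
    return bool(suspected_stolen)


if __name__ == "__main__":
    for pw in ("correct horse battery staple", "P@ssw0rd2017!",
               "password password password", "Tr0ub4dor&3"):
        print(repr(pw), check_password(pw))
    print("900 days old, no incident:", must_change(900, False))
```

The all-lowercase passphrase passes without any digit or symbol, while the decorated variation of "password" is rejected even though it would satisfy a traditional composition rule.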