We are constantly told to make our passwords more complex and harder to guess. And that is a good thing. But we should not imagine that merely making them longer or more obscure is sufficient.
Consider, for example, the password: Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn1
That looks pretty formidable, right? But in fact password cracking software took just a few minutes to recover it. Why? Because, according to Dan Goodin, that phrase comes from an H. P. Lovecraft story and appears in a Wikipedia article. Password crackers have apparently grown more sophisticated as computers have become faster and more powerful. As Goodin says, “Crackers have responded by expanding the dictionaries they maintain to include phrases and word combinations found in the Bible, common literature, and in online discussions.”
So you need to come up with a password that is both complex and (very likely) unique, so that it would never appear in a dictionary and could only be recovered by brute force. It turns out that the stated password policies of companies often result in their users’ passwords following patterns that actually make them easier to crack.
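The defensive counterpart to what Goodin describes is to reject a candidate password when, after the kinds of normalisation a cracker's mangling rules would apply (case folding, stripping punctuation, dropping an appended digit like the trailing "1" above), it matches a phrase in a known-phrase list. The following Python is an added example, not code from Goodin's article or from any password-cracking tool; the phrase list is a constructed three-entry stand-in for the large corpora (breach lists, literature, Wikipedia text) a real check would load, and the 16-character minimum is an assumed policy value.

```python
import re

# Constructed sample phrase list. A real deployment would load a breach corpus or
# a phrase dictionary mined from public text; these three entries are illustrative.
KNOWN_PHRASES = [
    "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn",  # the Lovecraft phrase
    "correct horse battery staple",
    "to be or not to be",
]

# Characters that crackers commonly append or prepend and that we strip from the ends
# before comparison (digits, common symbols, whitespace).
_EDGE_JUNK = "0123456789!@#$%^&*()_+-=[]{};:,.<>?/\\|~` "


def normalize(candidate):
    """Reduce a candidate to the base form a cracker's rules would start from:
    typographic quotes folded to ASCII, lowercased, trailing/leading digits and
    symbols stripped, then every non-alphanumeric character removed."""
    s = candidate.replace("\u2019", "'").replace("\u2018", "'").lower()
    s = s.strip(_EDGE_JUNK)
    return re.sub(r"[^a-z0-9]", "", s)


# Pre-normalised block list so each lookup is a single set membership test.
BLOCKLIST = {normalize(p) for p in KNOWN_PHRASES}


def is_known_phrase(candidate):
    """True if the candidate collapses to a phrase in the block list."""
    return normalize(candidate) in BLOCKLIST


def check_password(candidate, min_length=16):
    """Return (accepted, reason). min_length=16 is an assumed policy value."""
    if len(candidate) < min_length:
        return False, "too short"
    if is_known_phrase(candidate):
        return False, "matches a known phrase after normalization"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn1",
               "CorrectHorseBatteryStaple2024!",
               "vq7 Kx!2 zLm9 rTpA 3s"):
        print(repr(pw), "->", check_password(pw))
```

The point of normalising before the lookup is that the appended "1", the capital letters and the apostrophes add nothing against a cracker whose rule set tries exactly those variations; the check should therefore see through them too. Note that the third sample passes only because it is not in the constructed list; a check like this is a floor, not proof of strength.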
Goodin’s article, including the comments and responses at the end, is a fascinating read for those interested in such things.