- easy to remember (without writing down somewhere)
- not dictionary word/words
- resistant to social engineering
- resistant to permutations and combinations that can be arrived at through social engineering
- at least 7 characters, maybe more for sensitive data
- should not match previous or other currently held passwords
- contains a mix of upper- and lowercase letters, numbers, and symbols
the day has arrived when i need to add one more to them:
- should be possible to be typed on a cellphone
this rule is apparently the hardest one to keep, and ends up being the deciding factor on my selecting a password. as it is, finding a password that fits the rules above is pretty hard, and a password that satisfies those rules is, almost by extension, hard to type on a phone.
as a result, most of my current passwords will probably not change till i get a new phone - i've invested too much time into getting them right for me to throw them away for any other reason.
sometimes i wonder why i go to such lengths to justify my laziness.
btw, for the bordering-on-obsessively-curious, here's a list of the sites i access at least a few times every week from my cellphone: