Setting a decent password policy has long been a none of contention. IT people want passwords to be secure, and users want something that they can remember.
Net result is that a lot of password policies force users to use something that is hard to remember, but comparatively easy to crack. Having hard to remember passwords leads to users writing them down, reusing them in multiple places, or just coming up with something like P@ssw0rd and thinking they have bucked the system.
XCD wrote a cartoon about it:
So, to help out at Shadowfax I’ve created a password generator for our website. It is nice and simple, generates a password based on a number of random words (I recommend three). There are then options for whether you need a number, capital letter and symbol.
I also added an option to let you set the maximum size of the words used. The dictionary I’m using has 86,000 words in it, and I’ve found if you leave it too long it suggests words above my vocabulary. Great for learning new words- but hard to remember!