Current research suggests that password length far outweighs other factors, including complexity and rate of change, in terms of providing security. Using a passphrase instead of a single password has been found to more secure and is easy to remember. This is because it is okay to use ordinary words, provided they are random enough to foil simple guessing. This is also what provides its length. A passphrase such as “battery-staple-Burma-correct” would be easy to remember and with 28 characters, plenty long.
Spaces are not allowed because of technical limitations. Passphrases should be between 15 and 30 characters long. Any of the following special characters could be used: % * + - : ? _
See the ITS Safe Computing website for more information: www.macalester.edu/its/safecomputing.