Passwords: Choosing A Secure One. - Programming - Nairaland

Passwords: Choosing A Secure One. by TheArbiter: 6:02pm On Jun 08, 2012
Two posts to enlighten the public about their password habits. I have no replies to retrogressive comments.

How many seconds would it take to break your password? By Kevin Fogarty

Security breaches of mind-numbing size like those at LinkedIn and EHarmony.com set crypto- and security geeks to chattering about weak passwords and lazy users and the importance of non-alphanumeric characters to security.

But you've never met any non-alphanumeric characters. Sure, you befriended a couple of street people who were a little off kilter when you were in college, and there was that hottie in a Provincetown bar that wasn't what he/she appeared to be at first. They qualified as characters, but denying them alphanumericity is pretty harsh.

And insisting on a particular number of characters in a password is just pointless security-fetish control freakishness, right?

Nope. The number and type of characters make a big difference.

How big? Adding a symbol eliminates the possibility of a straight dictionary attack (using, literally, words from a dictionary). Adding a symbol, especially an unusual one, makes it much harder to crack even using rainbow tables (collections of alphanumeric combinations, only some of which include symbols).

How big a difference do length and character make?

Look below and pick which password-cracking jobs you'd want to take on if you were a computer. The examples come from the Interactive Brute Force Password Search Space Calculator.

How long would it take to crack my password: (Includes letters and numbers, no upper- or lower-case and no symbols)

6 characters: 2.25 billion possible combinations

Cracking online using web app hitting a target site with one thousand guesses per second: 3.7 weeks.
Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 0.0224 seconds
Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 0.0000224 seconds

10 characters: 3.76 quadrillion possible combinations

Cracking online using web app hitting a target site with one thousand guesses per second: 3.7 weeks.
Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 10.45 hours
Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 37.61 seconds.

Add a symbol, make the crack several orders of magnitude more difficult:

6 characters: 7.6 trillion possible combinations

Cracking online using web app hitting a target site with one thousand guesses per second: 2.4 centuries.
Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 1.26 minutes
Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 0.0756 seconds

10 characters: Possible combinations: 171.3 sextillion (171,269,557,687,901,638,419; 1.71 x 10^20)

Cracking online using web app hitting a target site with one thousand guesses per second: 54.46 million centuries.
Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 54.46 years
Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 2.83 weeks.

Take Steve's advice: go for 10 characters, then add a symbol.

Link: http://www.itworld.com/security/280486/how-long-would-it-take-crack-my-password
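
Added example (not part of the original post or the quoted article): a Python sketch of the search-space arithmetic behind the figures above. It assumes the attacker tries every length up to the password's length and that the symbol class has 33 characters; under those assumptions the "add a symbol" rows correspond to 7 and 11 characters over a 69-character alphabet. The sample passwords are constructed.

```python
import string

# Guess rates quoted in the post, in guesses per second.
RATES = {"online": 1_000, "offline": 10**11, "cluster": 10**14}

# Character classes; 33 symbols = ASCII punctuation plus space (assumption).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def alphabet_size(password):
    """Total size of every character class the password draws from."""
    if not password or any(all(c not in cls for cls in CLASSES) for c in password):
        raise ValueError("expected a non-empty printable-ASCII password")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def search_space(alphabet, length):
    """Candidates of length 1..length: exhaustive search covers shorter ones too."""
    return sum(alphabet ** k for k in range(1, length + 1))

def worst_case_seconds(password):
    """Seconds to exhaust the whole space at each quoted guess rate."""
    space = search_space(alphabet_size(password), len(password))
    return {name: space / rate for name, rate in RATES.items()}

def humanize(seconds):
    """Render a duration in the largest unit that fits (year = 365.25 days)."""
    units = [("centuries", 3_155_760_000), ("years", 31_557_600),
             ("weeks", 604_800), ("hours", 3_600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.2f} {name}"
    return f"{seconds:.4g} seconds"

if __name__ == "__main__":
    # Constructed sample passwords: letters+digits, then the same with one symbol appended.
    for pw in ("abc123", "abc123!", "abcde12345", "abcde12345!"):
        space = search_space(alphabet_size(pw), len(pw))
        times = {k: humanize(v) for k, v in worst_case_seconds(pw).items()}
        print(f"{pw!r}: alphabet={alphabet_size(pw)} space={space:,} {times}")
```

These are worst-case exhaustive-search times; the model says nothing about dictionary words or reused passwords, which fall far sooner than the table suggests.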
Re: Passwords: Choosing A Secure One. by TheArbiter: 6:06pm On Jun 08, 2012
Here are two links you can use to aid your password choice. The first was the one used in the post above:

1. https://www.grc.com/haystack.htm

2. http://howsecureismypassword.net/

For the more technical, the comments on this page are interesting: http://it.slashdot.org/story/12/06/08/0325242/how-many-seconds-would-it-take-to-crack-your-password

If it won't be considered "suggestive" of aiding would-be hackers. The four-number combination password used by ATM cards yields 210 combinations in total. Divide the number of combinations by three. That's how long it takes your ATM card hacker to access your account, if he doesn't get lucky sooner. Customers should, as a matter of security concerns, pester the banks in Nigeria for 6-digit ATM cards.
