ASK BOB RANKIN
Everything you know about passwords is wrong.
A typical website now requires you to create a password at least 8 characters long that includes at least three or four types of characters: upper-case, lower-case, numeral, and special characters such as !, @, #, etc. In most cases, the resulting password is *exactly* 8 characters long, begins with an upper-case character, and ends with an exclamation point or the numeral “1.” Often it’s a recognizable name associated with the user, such as a child’s or pet’s name. If a password needs to be changed, it’s often only the last character that’s changed, and in a predictable fashion, i. e., “1” becomes “2,” “!” becomes “@,” etc.
Hackers know these official rules, and the de facto rules that users have created to comply with the least effort. Read on.