

Do not use the first words in common sentences to create passwords - juanre
http://www.lightbluetouchpaper.org/2011/11/08/want-to-create-a-really-strong-password-dont-ask-google/

======
DanBC
People who create the websites frequently get it wrong. (See also "JUST USE
BCRYPT".)

If clever people with access to research and articles and advice and existing
best current practice crypto libraries can get it wrong how do we expect the
regular person on the street to get it right?

If banks - who are a real target with money to lose - can get their advice to
customers wrong how can the customers be expected to learn?

Password security is a real mess. Someone could make a name for themselves if
they did research and created a workable system that regular people could
understand and use. Design some protocols and standards, release these as open
standards and allow them to be tested and changable. And then hope that
software creators and website designers build them in.

