2. It shouldn't be easy for anyone to figure out. Do not make it anyone's name or birth date, or your user name, or any of these spelled backwards. It is also wise to avoid something that appears in a dictionary. A good idea would be to include at least one nonalphabetic character (for example, a period or a dollar sign).
3. Make it a reasonable length. Some systems impose a minimum number of characters for a password. At least 5 characters is adequate. There isn't usually a limit as to the maximum number of characters, but only the first 8 are significant. The ninth character and after are ignored when checking to see whether you typed your password correctly.
4. Change your password once in a while. Some systems check the last time you changed your password. If a time limit has been reached, you will be notified that your password has expired as you log in. You will be prompted to change it immediately and won't be allowed to log in until you successfully get it changed. This time limit is system imposed. Changing your password every few months is reasonable.
5. Don't write it down or tell it to anyone. Don't write it on scraps of paper. Don't tell your mother. Don't write it in your calendar. Don't write it in your diary. Don't tell your priest. Don't put it in a dialup terminal configuration file. Nowhere. Nobody. Maybe in your safe deposit box.
