A way to create easy-to-remember passwords without making a system more vulnerable to hackers.
Complex password requirements--rules like "passwords must be 14 characters long and contain at least two uppercase letters, two lowercase letters, and three symbols"--make it difficult for attackers to guess passwords using a so-called "dictionary attack," which involves trying many possible passwords in succession.
Requiring that passwords include numbers, symbols, and mixed cases significantly increases the number of possible passwords. With such rules, a dictionary attack becomes infeasible, but passwords also become harder to remember.
One way that system designers try to defeat dictionary attacks is by temporarily disabling an account when a wrong password is submitted more than a few times. This is called account lock-out, and not surprisingly, attackers have discovered a simple way to defeat the approach. Instead of guessing thousands or millions of passwords for a single account, attackers simply guess the most commonly used passwords for thousands, or even millions, of different accounts.
Click here to check your password strength
Tips to help keep your passwords secret
source: http://www.technologyreview.com/