Is that some sites limit the length of your password and/or require at least one capital letter, a number, and a symbol in your password.

Admittedly it's not too hard to make the first letter capital and then tack on your favorite number and a exclamation point at the end without doing harm, but the length is still an issue.

TlalocW

He suggested using phrases...names of movies or songs, gibberish phrases (Jabberwocky anyone?) or homilies.

A stitch in time saves nine. Penny saved is a penny earned.

Born to be wild. Build me up buttercup. Just anything that's easy to remember. Attach a number, vary a capital in it, and he said it was very difficult to hack.

Lets say I have the password 'pass'

At DU my password is DeltaPass.

If you cracked that, my password to chase bank would be charlie pass.

That is a bit simplified. The reason is simple. Lets say Im a hacker. I probably can not crack chase bank. They invest millions of security.

I bet I can hack a small forum run by somebody with a little IT knowledge, then try those 250k password combinations at chase.com and see if some work.

By having a unique password you bypass this. A human cpuld spot the pattern if my password was hacked multiple times but a computer would try a password and reject it for not working.

And the best advise is to use 2 factor authentication.

I can give you my gmail name and password. If you try to log in the IP address is unknown and google sends me a text. I have to key in the 4 digit code google sent me to login.

Now you need to have my password and steal my phone.