Security Basics mailing list archives

Password creating Theories


From: underwood-de () hotmail com
Date: 17 Nov 2005 13:34:56 -0000

As the sys admin of a classified network we forced the change of passwords every 30 days and we had users that ranged 
from clerical support staff to people with PhDs (not necessarily the brightest people either). One of the simplest yet 
reasonably effective methods for a good rememberable password for the user that I encouraged them to use was to use a 
favorite song or poem and use a minimum of 2 words, preferably 3 words from the song or poem as their password. This 
made it sufficiently long; it did not have complexity, but the 30 day password change policy negated that aspect, and 
it was reproducible. I used a common drinking song as an example: 99 bottles of beer on the wall, take one down, pass 
it around, 99 bottles of beer on the wall. I would use "99bottlesofbeer" as the example as it had two numbers and 13 
letters, which was a very suitable password, was easy to remember and easy to type.
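A worked example of the song-words method above, added here and not part of the original post: it enumerates every password the method can yield from a lyric (treating a number such as "99" as one token, so the post's "99bottlesofbeer" is a four-token window) and applies a length rule (a 13-character minimum is assumed, since the post states none), so a policy reviewer can see how many candidates one song actually produces.

```python
import re

# Constructed sample: the drinking song the post uses as its example.
SONG = ("99 bottles of beer on the wall, take one down pass it around, "
        "99 bottles of beer on the wall")


def candidates(lyric, min_words=2, max_words=4):
    """Every password the song method can yield from one lyric: each window
    of min_words..max_words consecutive tokens, joined with no spaces and
    lowercased. '99' is its own token, so '99bottlesofbeer' is four tokens."""
    tokens = re.findall(r"[A-Za-z0-9]+", lyric.lower())
    return {
        "".join(tokens[i:i + n])
        for n in range(min_words, max_words + 1)
        for i in range(len(tokens) - n + 1)
    }


def assess(password, min_length=13):
    """Length-centred check matching the post's rule of thumb (assumed
    13-character minimum; no complexity requirement, as in the post)."""
    return {
        "length": len(password),
        "has_digit": any(c.isdigit() for c in password),
        "ok": len(password) >= min_length,
    }


def method_keyspace(lyrics, min_length=13):
    """Distinct passwords the method can produce across a set of lyrics once
    the length rule is applied. A reviewer compares this number with the
    30-day rotation window: it is the size of the candidate set the policy
    relies on being large enough, and for one lyric it is small."""
    space = set()
    for lyric in lyrics:
        space |= {p for p in candidates(lyric) if assess(p, min_length)["ok"]}
    return len(space)


if __name__ == "__main__":
    print(assess("99bottlesofbeer"))
    print(len(candidates(SONG)), "candidates from one lyric")
    print(method_keyspace([SONG]), "of them meet the length rule")
```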

As we had STRONG physical security, if they insisted on creating a text file with their password on their personal 
drive on the Secure network we were not too concerned about that either. I do have to point out that the users' hard drives 
were locked up at night in a good to secret cabinet, we had fiber to the desktop, our servers were in an access 
controlled, shielded room, in which the outside door code changed every 30 days and each room inside had its own lock 
and key. No user saw any other user's home drive and data was partitioned off to each group's use and strictly enforced. 
They were only allowed to print on network controlled printers that were in their area/group. 

In other words passwords were an important PART of a controlled and layered defence.
