RANDOM RAMBLINGS [ran-duhm ram-blings] n. 1 straying from one subject to another in a random, haphazard and aimless manner. 2 the most random blog on the internet.

No password rules...please.

So I just read this post through Hacker News about password rules:
http://portal.cs.oag.state.tx.us/OAGStaticContent/portal/login/help/ChangePassword.htm

I was aghast at how the majority of organizations/websites are still clueless about password strength. The article is not wrong: it gives pointers to passwords with very high entropy. That's good. But what is not good is that these passwords are almost impossible to memorize! Imagine having passwords like fd2lp$53z for a dozen websites! How will one remember a password of that kind for 12 different websites? (NO! Using the same password for different sites is a BAD PRACTICE!)

So let me start with this graphic art:
http://xkcd.com/936/

It is pretty self-explanatory. One may make it more secure by simply substituting a letter that resembles a number with the number literal, or with the number spelled out. E.g., let's say your password is "correct". Then correct becomes c0rr3ct, and then it becomes czerorrthreect or czerorr3ct, etc. Could it get any simpler? Of course this is not the only trick. There are loads more. One can simply hash some chosen word and use parts of it as a password, etc.
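To put numbers on the comparison between a 9-character random password and an xkcd-style passphrase, here is an added example (my own, not from the post or the linked article). It assumes the random password draws from the 94 printable ASCII characters and the passphrase from a 2048-word list; the 16-word list in the code is a constructed stand-in, the formulas are the same for a real list.

```python
import math
import secrets

# Constructed 16-word stand-in for a real word list (real lists have
# 2048 or 7776 entries; only the list size matters for the entropy).
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "cloud", "river", "planet",
    "window", "silver", "garden", "rocket", "pencil", "island", "candle",
    "forest", "marble",
]


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def random_char_entropy(length: int, charset_size: int = 94) -> float:
    """Entropy of a uniformly random password such as 'fd2lp$53z'.
    94 = printable ASCII without the space character (assumption)."""
    return entropy_bits(charset_size, length)


def passphrase_entropy(word_count: int, dictionary_size: int) -> float:
    """xkcd-936 style passphrase: the entropy comes from how many words
    were drawn and how large the list is, not from the letters themselves.
    Letter-for-digit substitutions add bits only in proportion to the
    number of substitution choices actually made at random; a fixed rule
    adds nothing once the rule is known."""
    return entropy_bits(dictionary_size, word_count)


def words_needed(target_bits: float, dictionary_size: int) -> int:
    """Smallest number of words whose passphrase reaches target_bits."""
    return math.ceil(target_bits / math.log2(dictionary_size))


def generate_passphrase(word_count: int, words=SAMPLE_WORDS) -> str:
    """Draw the words with the OS CSPRNG; never pick them by hand."""
    return " ".join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    print(f"9 random chars   : {random_char_entropy(9):.1f} bits")   # ~59.0
    print(f"4 words from 2048: {passphrase_entropy(4, 2048):.1f} bits")  # 44.0
    print(f"words to match 9 random chars: "
          f"{words_needed(random_char_entropy(9), 2048)}")           # 6
    print("sample passphrase:", generate_passphrase(4))
```

Six words from a 2048-word list already match the entropy of fd2lp$53z, and they are far easier to remember.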

So please, let us all stop letting organizations/websites dictate our passwords and use a little bit of creativity, lest we have a password-zombie-apocalypse on our hands!
