Author: L.S.Lowe. File: passwd. This update: 20110925. Part of Guide to the Local System.
You are then prompted for the old password, and the new password, and the new password again for confirmation. Passwords do not appear on the screen when you enter them.
You should make your password easy for you to remember, but not obvious to someone else.
Avoid ordinary words and names, because they are easy to crack, as are words and names combined with one or two digits. Also avoid anything known from your account, such as your room number or telephone number.
Using the first few letters of an unusual pairing of words is acceptable. Using initial letters (or final letters) of each word of an obscure phrase or sentence is another quite useful technique.
If you use several different computer systems (eg CERN, here) you should probably avoid using exactly the same password on each of them, because that increases the risk when a password is cracked.
Ideally, use a mixture of lowercase, uppercase, digits, and special characters. If you follow that rule then the password has to be at least 8 characters long. If you don't follow that rule, your password might have to be as much as 11 characters long.
In detail: the password minimum length starts off as 12 characters, but you get a credit of 1 character when you use a character from a class: lowercase, uppercase, digits, and special characters. In practice then, if you use at least one character from all 4 classes of character, the password has to be 8 or more characters long. If you use only 1 class, such as all lowercase, it has to be 11 or more characters long. If you manage to use 0 classes, congratulations.