Internet users are being bombarded with a plethora of advice on what makes a good password, and this is often confusing because there does not appear to be a consensus. Unfortunately, human beings are creatures of habit: faced with too much information, we all tend to fall back on passwords that we can easily remember, such as ones built from personal information. This makes life easier for cyber criminals.
The best thing I ever did was to start using a password manager, and I no longer remember any passwords. Is it time for this to become best practice, and thus leave the password recipe up to your chosen password manager?
In 2015, the UK government released an article advocating the use of 3 random words in passwords, citing "pragmatism and algorithmic strength against common issues like brute force attacks". 2 years later, a plethora of respected Twitter users continue to push this advice.