Passwords are a fact of life and, despite the advances seen in fields such as biometrics, they are likely to remain part of the online landscape for the foreseeable future. Not surprisingly, then, there is much advice on how to choose your passwords. Unfortunately, we all know that the best passwords are those you can't remember. It's all about entropy - a subject I discussed here several years ago.
One piece of advice often seen is that longer passwords are better. That would be good advice if the characters were truly random, but one often sees advice also being given (and I've done it myself) to choose a phrase or saying that will help you remember a longer password/passphrase.
However, being human, we choose passwords that are not random, even when we think we are creating random strings by substituting unusual characters in our passphrase/password. Research presented in recent months suggests that we, like our languages, are theoretically very limited and predictable (in the sense defined in the Information Theory developed by Shannon in the late 1940s). We all like to choose phrases that are linguistically correct, and this is a problem.
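To make the point concrete, here is an added example (not part of the original post) that scores a passphrase two ways: as if every character were random, and under a simple letter-pair model of English. The training text, the passphrase, the random string and all function names are constructed for illustration, and the corpus is tiny, so the figures only show the direction of the effect.

```python
import math
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz "  # 27 symbols: letters plus space

# Constructed training text (tiny on purpose, so the numbers are illustrative only).
CORPUS = (
    "the best passwords are the ones that you can not remember and the ones "
    "that you can remember are the ones that other people can guess so we "
    "choose a phrase that we think is random and then we find that the phrase "
    "is in the language that we all share"
)
PHRASE = "we all choose the phrase that we can remember"  # constructed passphrase
RANDOM = "kqzvxjwfyubdgmpqhzxkvjwyfbudgqmzxvkjpwhfyqbzx"  # constructed, same length

def normalize(text):
    """Lowercase, collapse whitespace, drop anything outside ALPHABET."""
    text = " ".join(text.lower().split())
    return "".join(ch for ch in text if ch in ALPHABET)

def train_bigrams(text):
    """Count letter pairs; a leading space stands in for 'start of text'."""
    s = " " + normalize(text)
    pairs = Counter(zip(s, s[1:]))
    contexts = Counter(s[:-1])
    return pairs, contexts

def uniform_bits(secret):
    """Entropy if every character were drawn independently and uniformly."""
    return len(normalize(secret)) * math.log2(len(ALPHABET))

def bigram_bits(secret, model):
    """Surprisal of the string under the add-one smoothed bigram model."""
    pairs, contexts = model
    s = " " + normalize(secret)
    bits = 0.0
    for prev, cur in zip(s, s[1:]):
        p = (pairs[(prev, cur)] + 1) / (contexts[prev] + len(ALPHABET))
        bits -= math.log2(p)
    return bits

if __name__ == "__main__":
    model = train_bigrams(CORPUS)
    for label, secret in (("phrase", PHRASE), ("random", RANDOM)):
        print(f"{label}: uniform {uniform_bits(secret):.1f} bits, "
              f"bigram model {bigram_bits(secret, model):.1f} bits")
```

Both strings are 45 characters long, so the "longer is better" arithmetic rates them identically; only the language model separates the grammatical phrase from the random string.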