Security experts are revising password policies to combat the growing sophistication of modern cracking techniques which make the average password weaker than ever before.
A key strategy in making passwords more resilient is to use phrases that result in longer passcodes.
Still, passphrases must remain memorable to the end user, so people often pick phrases or sentences.
It turns out that grammatical structures dramatically narrow the possible combinations and sequences of words crackers must guess.
One surprising outcome of the research is that the passphrase "Th3r3 can only b3 #1!" (with spaces removed) is one order of magnitude weaker than "Hammered asinine requirements" even though it contains more words.
Better still is "My passw0rd is $uper str0ng!"because it requires significantly more tries to correctly guess.