A good bit by Bruce Schneier about “Real-World Passwords”

<!-

body { font-weight: normal; font-family: Lucida Grande; font-variant: normal; line-height: normal; font-size: 11pt; font-style: normal }
->

Check out this
post from Schneier on Security:

How good are the passwords people are choosing to protect their
computers and online accounts?

It's a hard question to answer because data is scarce. But recently, a
colleague sent me some spoils from a MySpace phishing attack: 34,000
actual user names and passwords.

(read the whole thing here: [Real-World

Passwords](http://www.schneier.com/blog/archives/2006/12/realworld_passw.html))

My password philosophy goes like this. I have a standard one that I use
for the majority of sites where I don't care at all if someone gets into
it. Then I have a series of 4, progressively more obscure ones that I
use on how important access control is, with the most impossible to
guess one on my financial accounts.

Reading this makes me wonder if I am not taking this far enough…