Jamie noticed that Bruce Schneier wrote a piece on a paper on strong passwords that tells us that the old 'strong password' advice that many of us (myself included) regard as gospel might not be as true as we had hoped. They make things hard on users, but are useless against phishing and keyloggers. Everyone can change their password back to 'trustno1' now.

http://it.slashdot.org/story/09/07/13/1336235/Strong-Passwords-Not-as-Good-as-You-Think

I always make medium strength passwords, because the companies who have the weak/medium/strong thing class the real strong passwords as medium... Also when I create passwords, I tend to have other tabs open just incase I'm being keylogged in which my passwords can be something I've typed and deleted here on DCEmu. It's amazing that they cannot tell which letters have been deleted from words though they know every key that has been pressed.