Security expert Bruce Schneier writes about passwords often, and he distills Thompson's findings into a few rules: Choose a password that doesn't contain a readable word. Mix upper and lower case. Use a number or symbol in the middle of the word, not on the end. Don't just use 1 or !, and don't use symbols as replacements for letters, such as @ for a lowercase A—password-guessing software can see through that trick. And of course, create unique passwords for your different sites.
via Slate Magazine.
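
The rules quoted above can be turned into a small self-check. The sketch below is an added example, not code from Slate, Schneier or Thompson; the function name `check_password`, the tiny word list and the substitution table are assumptions constructed for illustration. It shows why the @-for-a trick fails: undoing the swap is a single table lookup.

```python
import re

# Constructed sample word list (assumption); a real check would load a full dictionary.
WORDS = {"password", "dragon", "monkey", "shadow", "master", "sunshine"}

# Constructed table of common symbol-for-letter swaps (assumption).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def check_password(pw):
    """Return the quoted rules that pw breaks; an empty list means it passes.

    The final rule (a unique password per site) cannot be judged from a
    single password, so it is not checked here.
    """
    problems = []
    lowered = pw.lower()
    undone = lowered.translate(LEET)  # reverse the symbol substitutions

    if any(w in lowered for w in WORDS):
        problems.append("contains a readable word")
    elif any(w in undone for w in WORDS):
        problems.append("symbol substitution hides a readable word")

    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("does not mix upper and lower case")

    # Drop leading/trailing non-letters; what is left must still hold one.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    if not re.search(r"[^A-Za-z]", core):
        problems.append("no number or symbol in the middle")

    non_letters = [c for c in pw if not c.isalpha()]
    if non_letters and all(c in "1!" for c in non_letters):
        problems.append("only uses 1 or !")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("P@ssw0rd1", "dragon1", "tR7#qLvx"):
        print(sample, check_password(sample))
```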