For instance, a user who picks “test123@#“ might be required to change the password in three days under the system proposed by Lance James, the head of the cyber intelligence group at Deloitte & Touche. The three-day limit is based on calculations showing it would take about 4.5 days to find the password using offline cracking techniques. Had the same user chosen “t3st123@##$x“ (all passwords in this post don’t include the beginning and ending quotation marks), the system wouldn’t require a change for three months.
… an excerpt from Dan Goodin recent Ars Techica’s post «“Pavlovian password management” aims to change sloppy habits». Interesting idea, but I do not think my mom could manage this kind of process. And NOT having a reliable, open source, accessible from anywhere tool to generate such strong passwords is not helping either.