Operating System Hardening 101
Strong Passwords
A good, strong password has been a moving target since we started using them. Presently, the advice is that a password should be at least 15 characters in length, but I think this is already incorrect. The 2017 cryptocurrency boom and bust flooded the market with cheap, powerful GPUs, which are perfect for password cracking. To keep up with these changes, I recommend at least 24 characters. Better yet, use a password manager! Then having a 32 or 48 character password is no big deal.
Keep in mind when choosing a password that everyone knows users tack complexity onto the end of the password, e.g. “password12!@”. So just changing the password to “12!@password” is actually, by a slim margin, more secure. Don’t misunderstand: both of those are terrible passwords. Using one, two, or three random dictionary words, then some numbers and symbols, to build passwords is not secure.
Using a random phrase is not a bad idea, but do not use a well-known phrase. A well-known phrase would be, for example, “All dogs go to Heaven”. A random phrase like “All cats go to trains” would make a much better password. Better yet would be to misspell some of the words in the passphrase. Using misspelled words is better because they will not be in a dictionary. So, using the rules described here, a decent password would be something like “%6&8All cats go to Tryns”. That has a length of 24 characters, with 2 numbers, 6 symbols (spaces count), 2 uppercase, and 14 lowercase characters; not bad.
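The rules above can be turned into a quick audit of candidate passwords. The following Python code is an added example, not part of the original article; the function names and the tiny word list are constructed for illustration, and it flags only the patterns named in this section rather than measuring real cracking resistance.

```python
import re

# Constructed mini word list standing in for a real cracking dictionary (assumption).
SAMPLE_WORDS = {"password", "all", "dogs", "cats", "go", "to", "heaven", "trains"}
MIN_LENGTH = 24  # minimum length recommended in this article


def class_counts(pw):
    """Count characters per class; spaces count as symbols, as in the article."""
    counts = {"digits": 0, "symbols": 0, "upper": 0, "lower": 0}
    for ch in pw:
        if ch.isdigit():
            counts["digits"] += 1
        elif ch.isupper():
            counts["upper"] += 1
        elif ch.islower():
            counts["lower"] += 1
        else:
            counts["symbols"] += 1
    return counts


def audit(pw, words=SAMPLE_WORDS):
    """Return the list of rules a candidate trips; empty means none of them."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    # A letters-only stem with all digits/symbols appended, e.g. "password12!@".
    if re.fullmatch(r"[A-Za-z ]+[^A-Za-z ]+", pw):
        findings.append("complexity only at end")
    # Every alphabetic run is a dictionary word, so a wordlist attack covers it.
    tokens = re.findall(r"[A-Za-z]+", pw)
    if tokens and all(t.lower() in words for t in tokens):
        findings.append("all words in dictionary")
    return findings


if __name__ == "__main__":
    for candidate in ("password12!@", "12!@password",
                      "All dogs go to Heaven", "%6&8All cats go to Tryns"):
        print(repr(candidate), class_counts(candidate), audit(candidate))
```

An empty result only means none of these three patterns was found; it is not a strength guarantee.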