... authentication expert Richard E. Smith has observed, the logical conclusion of most “strong password” policies—don’t use names of family members or pets; don’t use birthdays or calendar dates; use randomized sequences of special characters; don’t use your password for more than one or two sites; change your passwords several times a year; don’t put your password(s) in your PDA or cell phone—is that passwords should be impossible to remember and should never be written down.
Michael Schrage, "The Password Is Fayleyure," Technology Review, Mar 2005
