"Use a memorable phrase as a password with a mix of uppercase letters, numbers and special characters, e.g.
Margaret Thatcher is 110% SEXY.
But please do not use too many repeated characters/numbers and avoid using personally identifiable information in the password such as username, email id, real name etc."
Is this advice sound? What else should be included? At the backend I am using zxcvbn to check password strength.
Motivation for this advice is:
1. xkcd: https://xkcd.com/936
2. The password mentioned in the title was, as an example, suggested by Edward Snowden on the Last Week Tonight show: https://www.youtube.com/watch?v=yzGzB-yYKcc
Bill Burr, who invented the original password complexity rules, now says forget those special characters and numbers. Simple long phrases that you can remember are more important. https://gizmodo.com/the-guy-who-invented-those-annoying-pass...
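The two "do not" rules in the quoted advice (personal details, too many repeated characters) can be enforced server-side next to the zxcvbn score. The sketch below is an added example, not code from the post or from zxcvbn; the function names, thresholds and the sample account are assumptions made for illustration.

```python
import re
from collections import Counter

# Common digit/symbol substitutions, so "d0e" is still recognised as "doe".
LEET = str.maketrans("0134578@$!", "oleastbasi")

def personal_tokens(username, email, real_name, min_len=3):
    """Split account fields into lowercase tokens worth matching."""
    local_part = email.split("@")[0]
    raw = re.split(r"[^0-9A-Za-z]+", " ".join([username, local_part, real_name]))
    return {t.casefold() for t in raw if len(t) >= min_len}

def normalise(password):
    """Return the password with separators removed, plain and de-leeted."""
    folded = password.casefold()
    plain = re.sub(r"[^0-9a-z]", "", folded)
    leet = re.sub(r"[^a-z]", "", folded.translate(LEET))
    return plain, leet

def check_passphrase(password, username, email, real_name,
                     max_run=3, max_share=0.4):
    """List the ways a passphrase breaks the advice; empty list means OK."""
    issues = []
    plain, leet = normalise(password)
    for tok in sorted(personal_tokens(username, email, real_name)):
        if tok in plain or tok in leet:
            issues.append(f"contains personal detail: {tok}")
    # More than max_run identical characters in a row, e.g. "aaaa".
    if re.search(r"(.)\1{%d,}" % max_run, password):
        issues.append("long run of one character")
    # One character making up too large a share of the whole passphrase.
    if password:
        top = Counter(password.casefold()).most_common(1)[0][1]
        if top / len(password) > max_share:
            issues.append("dominated by one character")
    return issues

if __name__ == "__main__":
    # Constructed sample account, not a real user.
    user = ("jdoe42", "jane.doe@example.com", "Jane Doe")
    for pw in ("Margaret Thatcher is 110% SEXY.",
               "J4ne loves d0e-pie 2024",
               "aaaaaaaa long phrase"):
        print(repr(pw), check_passphrase(pw, *user))
```

A passphrase that passes these checks should still go through the strength estimate; the checks only cover what the advice text forbids.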