Glog

Sites Lie To You about What Makes a Good Password

Bad password advice from the 1990s continues to be repeated ad nauseam, even though it has been widely disproven and groups ranging from security firms to academic researchers to the National Institute of Standards and Technology (NIST) specifically advise against most of those principles. Below, I take this apart and offer you actual good advice. (My friend Joe Kissell covers this topic in depth in his excellent "Take Control of Your Passwords.")

You might also wonder why encrypted passwords stolen from breached sites can still be cracked and used against you. I can explain that, too.

Everything you’ve been told is wrong

P@ssw0rd1 could be cracked in a billionth the time it takes for you to recognize that the first P in this sentence is a letter.

You know the drill. You’re often told, when setting up an account or changing a password, that a good password