For me, the worst passwords are those with special characters, uppercase combinations. They are easy to forget and dont provide any value except to delay brute force attacks. Additionally, users tend to use a main password and suffix them with some combination so it's not really secure from a holistic point of view.
What works for me is password generation via something like bitwarden or lastpass. These generate really obscure passwords for each account which is great.
What also works is 4 words thats greater than 11 characters as a password. That's more secure than any fancy scheme. Also easier to remember for the user.
For me, the worst passwords are those with special characters, uppercase combinations. They are easy to forget and dont provide any value except to delay brute force attacks. Additionally, users tend to use a main password and suffix them with some combination so it's not really secure from a holistic point of view.
What works for me is password generation via something like bitwarden or lastpass. These generate really obscure passwords for each account which is great.
What also works is 4 words thats greater than 11 characters as a password. That's more secure than any fancy scheme. Also easier to remember for the user.
I agree, recommending using multiple words in succession seems to me like safest, yet (hopefully) unique password creation process.