LengthGenerally speaking, long passwords are stronger than short ones. Certainly anything shorter than 14 characters is weak.
Personal InformationPasswords that include personal information such as your name, birthday, school name or favorite sports team are weak.
Dictionary WordsDictionary words such as "mydogiscute" are easier to guess than sequences of characters that aren't in the dictionary.
Well Known PatternsPatterns of numbers or characters that are well known such as "911" are weak.
DatesDates are weak. For example, 1/1/1970 is weak.
RepetitionRepeated characters are easier to guess than non-repeated. For example, "1111111" is a terribly weak password.
Reused PasswordsAvoid reusing passwords as it is common for password data to be leaked. A unique password for each logon is stronger than reusing the same password.
User IdsUsing any user id such as an employee number as a password is always weak.
Keyboard PatternsKeyboard patterns such as "asdf" are weak.
Common ObfuscationCommonly used attempts to obfuscate a password such as "p@ssw0rd" are weak.
Doubled WordsPasswords that contain the same pattern twice are weak. For example, "catcat1" is weak.
VowelsAlgorithms will use any advantage they can find in guessing a password. Vowels are used more commonly in English and in passwords. As such, they may be guessed more often.
OneThe digit 1 shows up in passwords more than other numbers and may often be guessed by brute-force techniques.
RandomRandom patterns or reasonable simulations of randomness tend to be strong. For example, "7Fi^u&.2kFioPx6s3iZi8tmbdq0-!jlxJfE" is reasonably strong.
Character VarietyUsing a variety of character types such as upper case, lower case, numbers and symbols helps to strengthen a password.
|Overview: Strong Password
Defensive ComputingInformation Security
A password that is difficult for a human or a machine to guess.