The second piece of advice has to do with password composition, the idea that a good password is longer, contains letters and numbers, and has special characters.

FORBES: Discussing Gawker's Breach With Founder Nick Denton

In addition, you should consider avoiding plaintext-password network services: The POP3, FTP, and Telnet daemons pose a special risk because their passwords pass unencrypted across the open network, sniffable by any nearby machine along the way.

CNN: Analysis: Linux security

To make matters worse, the password I select at TIAA-CREF can only have 8-12 characters and it cannot have any special characters.

FORBES: How To Protect Yourself From PayPal Identity Theft