new user passwords are now 'judged'

[VinDSL]

I have always used 9 letter passwords [...]

Well my philosophy is to use a really strong password (15 Chars+) and then to set autologin.[...]

It's my machine and I'll do what I like!

Interesting!

I used a 26 letter password, at one time, but... sometimes I have to use someone else's machine, like a "gas pump" at a service station (odometer reading for corporate credit card), or an ATM machine (PIN number), and they won't allow that many characters.

I digress: I ran a program for over 2 years, on a dedicated machine, trying to randomly guess the correct order of the english alphabet (yes, I know there is no true randomness on computers). After 2 years, it had correctly guessed the first 13 letters. At 100K tries a second, I judged that it would take 1,840,645,487,000,000,000,000,000 years to guess them all -- soooo, I figured a 26 letter password was pretty safe. LoL!

On PCs, I finally settled on 10 letters -- a mixture of caps/lower-case letters, numbers, international english keyboard characters, and punctuation symbols -- arranged in a geometric pattern.

On other systems, you have to go with the flow. For instance, my cell phone provider only allows four numbers. Really! What a bunch of morons...

Anyway, the 10 letter sequence I normally use, allows me to use my left "pinky" (hidden under the palm of my left hand) to press the [shift] key, so if someone is watching me type my password (over my shoulder, with a security camera, etc.) they still don't know what I typed.

I have my web server(s) setup to use keyboard login or a virtual keyboard, so nobody can capture my login sequence with a "keylogger".

You can do the same thing on an Ubu box by implementing Onboard or Matchbox.

Example: I`m typing this line with Matchbox

Anyway, it's GOOD to be a little paranoid, especially if you're connected to the web, controlling web servers remotely (including forum mods & admins), doing online banking, blah, blah, blah.