My virtual co-worker Jason Bock pointed me to this Robert Hensing blog about pass-phrases..... I first learned of the pass-phrase concept a year or two ago, and all I can say is YES! Network admins, change your security requirements, dump those “max” values from your passwords (some networks I've been on limit you to only 8 or 10 characters.... what's the point!) and I'd dump those obsure caps, numeric, and punctuation requirements too if the password is longer than 20 or 25 characters..... ......