After all the crazy password rules I've ranted about in my technical blog, finally someone (Anthem) has come around to my simple way of thinking about choosing passwords. Just find something easy to remember yet hard to guess. The logic behind this, from the human point of view, is if IT makes a bunch of rules (e.g. length, capitals, numbers, special characters, non-repeating sequences, etc.), they are saying that they have the "hard to guess" part covered, leaving us only concerned with the "easy to remember" piece. But asking us to think about both sides of the password selection process, and making it a simple ask, leads us to better passwords.