« Return to the blog entry
The opposite of security is usually usability - and in this case if the user is typing in the code then it has to be short-ish. IMHO less than 9 and as Hynek suggested grouped for readibility.
Case sensitivity to be avoided for good usability and likewise any similar letters/unumbers
I'm also interested in the google search you'll have to do to try to find the list of unsuitable words to parse out...could be some interesting results. Let us know how that one goes