This is seriously true. I encourage everyone to follow it. After all, if XKCD says it, it must be true.

Seriously though, this is what I do now (No, our server passwords are not “correct horse battery staple”, and no you shouldn’t build a hack tool that assumes that).