No words in any language
It is even worse than that. Remember that to modern password cracking software a lengthy word has the complexity of a single character -- entire words are tried the way old cracking software tried characters.
To be effective against modern cracking software, passwords must not contain within them words in any language.
So we should be asking users to remember truly random strings of over 12 characters.
Biting the hand that feeds IT
