1

I have read in different places that passphrases offer better security and are more user friendly; however, I have also read contradictory information that says longer passwords are not really more secure than shorter ones... so enforcing complex passwords (special characters, upper/lowercase, etc.) would be better?

Any clarity on this with a decent reference would be much appreciated.

Arlix

2 Answers

2

Length > Complexity in nearly all circumstances. It is easier for us to remember simple sentences, whereas complex passwords are more difficult.

"Abaconsandwich%ismyfavoritebreakfastitem!" is far, far, far FAR more difficult to guess by any method (brute force or dictionary) than something like "B@c0ntim3!?" This is because the number of elements is far more varied and long, and simple inclusions like a % sign inside the sentence can make password cracking all but unfeasible.

Good myths: https://stormpath.com/blog/5-myths-password-security/

Everyone's Favorite: http://xkcd.com/936/

Desthro
1

Complex passwords can be harder to memorize but can protect against brute-force (depending on the complexity). Longer passwords consisting of simple words or phrases are easier to remember and can also be very strong against brute-force.

For building a strong password, follow this guide:

  • 8-11: Requires mixed case letters, numbers and symbols
  • 12-15: Requires mixed case letters and numbers
  • 16-19: Requires mixed case letters
  • 20+: Any character you like! (Gold Standard)

A strong password can be as simple as: “Blue Jaguar eye shirt” which is 21 characters (including the spaces). Also use different passwords for different accounts.

Reference: http://arstechnica.com/security/2014/04/stanfords-password-policy-shuns-one-size-fits-all-security/

Grimmjow
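
The length-tiered guide in the second answer, written out as a checker, together with a naive brute-force estimate for the passwords quoted in both answers. This is an added example, not code from either answer; the function names, the printable-ASCII alphabet sizes and the sample inputs are assumptions, and the bit figure is an upper bound that treats every character as random, so phrases built from common words fall below it.

```python
import math
import string

# Tiers from the guide above: (minimum length, character classes required).
TIERS = [
    (20, set()),
    (16, {"lower", "upper"}),
    (12, {"lower", "upper", "digit"}),
    (8,  {"lower", "upper", "digit", "symbol"}),
]

def classes_used(password):
    """Return the set of character classes present in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        else:
            found.add("symbol")  # spaces, punctuation, non-ASCII
    return found

def check(password):
    """Return (accepted, reason) under the length-tiered policy."""
    used = classes_used(password)
    for min_len, required in TIERS:
        if len(password) >= min_len:
            missing = required - used
            if missing:
                return False, "missing: " + ", ".join(sorted(missing))
            return True, "ok"
    return False, "shorter than 8 characters"

# Alphabet sizes assumed for the estimate (printable ASCII: 26/26/10/33).
SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

def brute_force_bits(password):
    """Upper bound: log2 of the search space if every character were random."""
    alphabet = sum(SIZES[c] for c in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

# Constructed sample inputs, including the passwords quoted in the answers.
if __name__ == "__main__":
    for pw in ["B@c0ntim3!?", "Blue Jaguar eye shirt", "correcthorsebattery",
               "Abaconsandwich%ismyfavoritebreakfastitem!"]:
        print(f"{pw!r}: {check(pw)} ~{brute_force_bits(pw):.0f} bits max")
```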