2. Good & Bad Passwords

Let's start with examples of bad passwords:
 
1.      Regular English words (i.e. not including numbers, symbols, combination of upper and lower case)
2.      A client's social security number, a portion of the client's social security number, or any other piece of information that might be guessable
3.      Any password that you e-mail to the recipient (if an attacker has access to one email, they probably have access to all of them!)
4.      Anything that is short (shorter than 8 characters is generally considered to be bad)
 
My recommendation is to let the recipient decide the password.   That puts the onus on them to choose something that is secure.

The strongest safe in the world does no good if the combination is written on the door.