Project Talk:Infrastructure/Password policy

I think we need to decide on a couple of things:


 * Advice on generating the master password. I'm generally good with the xkcd advice; but I've also had success using longer computer generated passwords. My ability to remember a password is primarily related to use-rate.
 * Advice on rotating passwords. I'd explicitly avoid rotating the master password outside of a breach.