The manifesto itself, and
revision history.
Other resources:
- Infotex has another password manifesto here, which has lots of good information on creating strong passwords. I think we agree on a lot of things (or at least, I agree with him).
- This book, on the other hand, refers to a Strong Password Manifesto that appears to no longer be available on the internet, even through the Wayback Machine. That's probably a good thing, since any manifesto that suggests educating users to strengthen their passwords by replacing S with Z or that $cullyRulz2 (11 characters, one special, one upper and one number) is better than Scully rules, too. (18 characters, 4 specials, one upper) is probably not going to be a thorough, well-conceived policy piece.