My July 29 post, "How to avoid 'the 500 worst passwords of all time'," generated nearly three dozen comments, many about novel ways to come up with hard-to-rip-off but easy-to-remember passwords. Many are worth sharing, and that's only gotten me as far as the first 15 comments.
Before I share, I want to pay homage to the password managers mentioned, because they mostly came in for praise, although one was labeled "annoyingware." There's plenty of that around, isn't there?
A slew of password managers were mentioned, with Roboform and KeePass the most popular if the comments are any indication. Some were free for a basic copy, but a "Pro" version for a fee was never too far behind. Besides KeePass (free) and Roboform ($35), there were 1Password for PCs and OS X Macs ($40), Gator (free), LastPass (free and nice video explainer), Passwordwiz (free), SignUpShield (free), PasswordSafe (free), ID Vault ($50, but more than just password protection), MyPasswordManager ($25), and Password Plus ($30).
However, the comments indicate many users prefer to go it alone with their own hard-to-crack and easy-to-remember passwords. Here are five, but if you want to see them all, go to the July 29 post:
I can say that none of my 66 current passwords nor any of the 53 retired ones are on the list. Some are close, but only a part of the actual password. I do have some relatively simple passwords/PIN #'s. I have been changing some to more complex ones or ones that can't be figured out immediately--such as Sarah Palin's were. If I have a city name, it will be part of my former address, etc. License plate numbers are used or variations on them, such as adding the state name, especially if you no longer live there.
I use a password-protected Excel spreadsheet; it doesn't populate any webforms, but is free and easy to use.
30 passwords? 50 passwords? Monthly changes? Independently from my different 'identities/user names' (yahoo!, google, msn, work, ...), I have only 3 different passwords. The 1st one is 'private-private': personal email, amazon, paypal, banks. The 2nd one is 'private-professional': it is used on my company's network, and can be reset by the network administrator. The last one is 'default public password', very useful for all these sites where subscription is mandatory. I would give the 3rd one to everybody close to me, from my children to my assistant. The second one does not need to be given to anybody, as it can be reset. The 1st one is written down on a piece of paper, sealed in an envelope, to be opened after I am dead ...
I just came up with an algorithm that utilizes the name of the website requiring a password. For example, for this site, I'd use smartxxx99, where the xxx99 is the same for every website. For CBS.com, the password would be cbsxxx99. I just don't share the xxx99 with anyone so it is easy to remember 100's of passwords without having to pay for software like Roboform.
One of my favorite methods is one of several vulgarisms in German, Spanish or Italian. It's easy to remember, and when the capitalization is off by a couple of characters, it's difficult to crack.
Try to think of the two most random things and stick them together.
EX: tvtree, windowbag, phonestick, etc. Also another thing is to add random #s and Caps inside of it.
EX: TvtReE, wiNd0WBag, pH0NEsT1ck, etc
One more thing is to spell them in a different way.
EX: tveetrie, whinndoowbaag, foonstiic, etc
So put it all together and you've got a hard password.
I always use an easy to remember sentence, then substitute numbers for one set of the letters.
I might sub 1 for all the "I"s, 0 for "O", 5 for "S" and similar. I like working the word "ate" into it, subbing the singular 8 for the whole word.
I write the sentences out as you would normally, including punctuation. This helps people remember where any capital letters are, at the start and in any proper nouns.
Y0u f0rg0t the passw0rd already!?
Who 8 all the 1cecream?
Plea5e don't abu5e thi5 5erver.
If spaces are not allowed I simply eliminate them.
I've yet to have anyone forget their password/phrase. Most of them are wireless keys btw. I'll make a much shorter statement for Windows user passwords, for eg:
Follow John Dodge on Twitter.