I used to be terrible at coming up with novel passwords. I'd scan the room I was in for books or game boxes, type in part of the name, then normally add my year of birth for 'security'. Of course, I'd forget these passwords all the time.
Eventually I had worked myself down to a core of around 5-6 key passwords: one for gaming-related sites, one for Facebook, Gmail and Hotmail (insane, I know), one for the Split Screen admin page, and so on. Now each of these sites has a completely unique and secure password, and even though I've started using KeePassX to generate random strings for most websites and services, I can remember every one of these unique passwords.
How do I do it? I spoke to my colleagues today, bemoaning how difficult it was to remember all my passwords, when they taught me this simple technique to create secure passwords. I think you'll like it; I was blown away by the elegance of it.
1. Pick a memorable phrase. A quote from an author was suggested to me, so here's one from Stephen King:
"I am the literary equivalent of a Big Mac and fries".
2. Let's take the first letter from every word of this phrase:
I a t l e o a BM a F
And we'll change a couple of the letters to numbers and symbols, keeping it memorable at the same time.
3. That gives us a memorable password, but it's only good for one site. What we need is a password we can augment for any site. Let's arbitrarily split our password in two:
4. In the middle of this split, we generate a "secondary" password for each site. Let's take the example of Twitter:
And we're done. We can do the same for loads of different sites:
For Gmail, I've gone for the less obvious 'Larry Page' rather than 'GM'. For an Apple ID, you could use SJ, TC, iP, etc.
And that's all there is to it! Every website has a unique, strong password that is also easy to remember. You only have to remember the secure 'stem' password and four to five characters for every site. You could even have multiple stems for different categories of password, like online banking or email. One caveat on the "even if someone steals your Twitter password" argument: the per-site tag does stop a leaked password from being replayed as-is on your other accounts, but if an attacker ever sees it in plaintext (a phishing page, a keylogger, a site that stored it unhashed) the stem and the scheme are right there in it, and a targeted attacker only has to guess the short tag for each of your other sites. That is the reason to keep the stem scheme for the handful of passwords you genuinely have to type from memory and let KeePassX generate the rest.
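The four steps above, carried through in code as an added example (this is not code from the original post). The post's actual substitutions, split point and Twitter tag were in images that are not on the page, so the substitution table, the middle split and the site tags below are assumptions; only 'Larry Page' for Gmail follows the post, abbreviated here to 'LP'. The last function also shows the caveat: lining up two site passwords exposes the shared stem around the tag.

```python
# Worked example of the phrase-stem-plus-site-tag scheme. Constructed for
# illustration; the substitutions, split point and tags are assumptions,
# not the post author's real choices.

PHRASE = "I am the literary equivalent of a Big Mac and fries"

# Assumed letter-to-symbol substitutions (step 2 of the post).
SUBSTITUTIONS = {"a": "@", "e": "3", "l": "1", "o": "0"}

# Assumed per-site tags (step 4). 'LP' abbreviates the post's 'Larry Page';
# 'Tw' and 'SJ' are guesses for illustration.
SITE_TAGS = {"twitter": "Tw", "gmail": "LP", "apple": "SJ"}


def acrostic(phrase):
    """First character of every word, preserving case ('Big Mac' -> 'BM')."""
    return "".join(word[0] for word in phrase.split())


def stem(phrase=PHRASE, table=SUBSTITUTIONS):
    """The memorised stem: the acrostic with the substitutions applied."""
    return "".join(table.get(ch, ch) for ch in acrostic(phrase))


def split_stem(s, at=-1):
    """Split the stem where the site tag is inserted (default: the middle)."""
    if at < 0:
        at = len(s) // 2
    return s[:at], s[at:]


def site_password(site, phrase=PHRASE, tags=SITE_TAGS):
    """Stem head + site tag + stem tail, as in step 4."""
    head, tail = split_stem(stem(phrase))
    return head + tags[site] + tail


def shared_structure(p1, p2):
    """Longest common prefix and suffix of two passwords.

    This is what a second plaintext password reveals: everything outside the
    tag is the stem, so an attacker holding two of these needs only to guess
    a short tag for any further site.
    """
    n = min(len(p1), len(p2))
    i = 0
    while i < n and p1[i] == p2[i]:
        i += 1
    j = 0
    while j < n - i and p1[-1 - j] == p2[-1 - j]:
        j += 1
    return p1[:i], p1[len(p1) - j:]


if __name__ == "__main__":
    print("stem:", stem())
    for site in SITE_TAGS:
        print(f"{site:8s} {site_password(site)}")
    head, tail = shared_structure(site_password("twitter"), site_password("gmail"))
    print("stem recovered from two passwords:", head, "+ <tag> +", tail)
```

Run it and the three site passwords differ only in the two characters of the tag; `shared_structure` hands the whole stem back from any two of them, which is the weakness the caveat above describes.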