An article on The Blog Herald discusses common problems with user-generated passwords, specifically that they're too easy to guess. According to the article, users often choose passwords with combinations of their middle name, phone numbers, birthdays, combinations of dictionary words, and (yes) the word "password."
That's probably OK for registering for online newspapers or any other Web registration that doesn't expose any personal data like your credit card or social security number. I don't think anyone's working too hard to crack my password for Slashdot or Fark, but I'm not taking any chances with my online banking information.
But, your password for banks, computer logins, etc. should be much harder to guess: Something like Tie5aesh or aiFah4po.
The key is to get something that's hard to guess, but relatively easy to remember. For that, I use a small application called pwgen. You should be able to find packages for most Linux distros, though it's rarely installed by default. All you need to do is run pwgen and it will spit out dozens of random passwords. Scan the list and see if there's one with a mnemonic that will let you remember it easily. The program is designed to produce passwords that are random, yet pronounceable. For example, you could pronounce Tie5aesh as "Tie Five A eesh" -- it's nonsensical, but if you can remember the way it's pronounced, you should be able to memorize it.
How do you generate your passwords, and are they secure?
2 Comments
I make up a sentence that only means something to me (and one that includes numbers), then use the first letter of each word, sprinkled with the numbers. Sounds complicated but it's really not and works great for me.
I was about to suggest something like Lisa's solution, but slightly different.
I usually take the name of a city I like "Livigno" andchange some letters with numbers - "L1vign0" - or also symbols, if allowed: "L1v|gn0".