Originally Posted By: haertig
Here is how I do my passwords:

I start out with something that I have bought recently that is easy to remember:
Code:
Ruger .357mag


I rearrange that a little, still easy to remember (notice everything is lowercase now):
Code:
.357rugermag


I replace letters/numbers with their "equivalent", e.g., e with 3, s with 5, a with 8, l with 1, o with 0, etc. I do it both ways ... so e with 3 and 3 with e.
Code:
.es7rug3rm8g


Then I alternate holding the <shift> key down to capitalize every other keystroke:
Code:
.Es&rUg#rM8G


I look at the end result and if it doesn't look random enough, or doesn't end up with upper and lower case letters, digits, and punctuation, I buy something else (yeah!) and start over.

I end up with very strong passwords this way. And they're easy to remember. I should say, the passwords themselves are NOT easy to remember, but the sequence of steps to generate the password from my example seed phrase ".357rugermag" is easy to remember. And the seed phrase is itself easy to remember because it represents some cool item that I recently bought for myself.

The downside to this is that I cannot tell anyone else my password. I cannot even sit down and write it on a piece of paper. I have to have a normal QWERTY keyboard in front of me so I can visually see things as I hunt-and-peck the keys while alternating "shift key up, shift key down, shift key up..."

This is how I do the passwords for stuff that I really need to be secure. But for passwords for the less critical stuff, say for my login here on ETS, I use simpler passwords. I have lots and lots of these less secure, but still decent quality, passwords. Since I can't remember them all in my head, I store them in the "KeePass" application. I have that for Linux, my Android phone, and Windows. I assume KeePass might be available for iPhone and Macs too, but I don't know for sure. The encrypted database for KeePass is copied transparently between all my devices.

Each shopping_website/bank/etc. that needs to be secure has its own password - they are never the same password shared between sites. But I will admit, for some of the internet forums I visit, like ETS, I occasionally use the same password. That is because the ramifications of somebody hacking my ETS forum account are pretty minor.


Which passwords are best depends on how you expect them to be hacked. Do you expect a person randomly guessing a password, or a brute-force attack?

For a brute-force attack, generally a very long password is good, not necessarily one with complicated letters/signs.

I have separate passwords for important things and a few I use on non-essential things like forums.
_________________________
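Put together as an added example, not code from haertig's post or from the replying poster: the transformation described in steps 3 and 4 of the quoted post, implemented in Python, together with the character-class check the post applies to its result and the search-space arithmetic behind the reply's length-versus-complexity remark. Assumptions not stated on the page: a US QWERTY layout for the shifted symbols, the first keystroke left unshifted (which is what the post's own example shows), and the manual rearrangement of step 2 done before the seed is fed in.

```python
import math
import string

# Added example, not haertig's own tool: the transformation from the quoted
# post, implemented as assumed from the worked example shown there. The seed
# phrase is taken as already rearranged by hand (step 2), since that step has
# no fixed rule.

# Step 3: the letter/digit "equivalents" named in the post, applied both ways.
LEET = {"e": "3", "s": "5", "a": "8", "l": "1", "o": "0"}
LEET_BOTH = {**LEET, **{digit: letter for letter, digit in LEET.items()}}

# Step 4: what <shift> produces for non-letters. Assumption: US QWERTY layout,
# which is the layout the post's example (7 -> &, 3 -> #) is consistent with.
SHIFTED = {
    "1": "!", "2": "@", "3": "#", "4": "$", "5": "%",
    "6": "^", "7": "&", "8": "*", "9": "(", "0": ")",
    "`": "~", "-": "_", "=": "+", "[": "{", "]": "}", "\\": "|",
    ";": ":", "'": '"', ",": "<", ".": ">", "/": "?",
}


def leet_swap(text: str) -> str:
    """Step 3: swap e<->3, s<->5, a<->8, l<->1, o<->0; other characters pass through."""
    return "".join(LEET_BOTH.get(ch, ch) for ch in text)


def alternate_shift(text: str, first_shifted: bool = False) -> str:
    """Step 4: hold <shift> on every other keystroke.

    The post's example leaves the first keystroke unshifted, so that is the default.
    Letters are upper-cased; digits and punctuation become their shifted key.
    """
    out = []
    shifted = first_shifted
    for ch in text:
        if shifted:
            out.append(ch.upper() if ch.isalpha() else SHIFTED.get(ch, ch))
        else:
            out.append(ch)
        shifted = not shifted
    return "".join(out)


def derive(seed: str) -> str:
    """Steps 3 and 4 applied to an already-rearranged seed phrase."""
    return alternate_shift(leet_swap(seed))


def has_all_classes(password: str) -> bool:
    """The post's acceptance check: upper, lower, digit and punctuation all present."""
    return (
        any(c.isupper() for c in password)
        and any(c.islower() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def brute_force_bits(length: int, alphabet_size: int) -> float:
    """Search space, in bits, for `length` symbols drawn uniformly from an
    alphabet of `alphabet_size`. This is the quantity the reply's
    length-versus-complexity remark is about."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    seed = ".357rugermag"  # the post's own example, after the manual rearrangement
    pw = derive(seed)
    print(seed, "->", leet_swap(seed), "->", pw)  # .357rugermag -> .es7rug3rm8g -> .Es&rUg#rM8G
    print("all four character classes present:", has_all_classes(pw))
    # Length versus complexity: 12 symbols from the 95 printable ASCII characters
    # against 20 lowercase letters.
    print(f"12 chars, 95-symbol alphabet: {brute_force_bits(12, 95):.1f} bits")
    print(f"20 chars, 26-symbol alphabet: {brute_force_bits(20, 26):.1f} bits")
```

Running it reproduces the post's chain .357rugermag -> .es7rug3rm8g -> .Es&rUg#rM8G and confirms the result passes the four-class check. brute_force_bits(12, 95) comes to about 78.8 bits and brute_force_bits(20, 26) to about 94.0, which is the arithmetic behind the reply's point that, against a blind brute-force search, extra length buys more than extra symbol variety. One caveat for anyone adopting a fixed recipe like this: steps 3 and 4 are deterministic, so an attacker who knows the recipe only has to search the seed phrases, and the 78.8-bit figure for the output is an upper bound rather than the effective strength.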