I can't remember where I read this, but I believe the following is a pretty good way to come up with good passwords. Take any long, memorable phrase and use the first letter of each word to form your password, and feel free to use numbers and/or symbols wherever possible. For example, you could take "to be or not to be, that is the question" and make it:

2bon2btitq

Or perhaps:

2b|!2btitq

In the second, I used "|" for "or", and "!" for "not", as that's how many programming languages represent those logical operators.

This is still not as good as a completely random string of characters, as I suspect some characters are used more frequently than others as the first letter of words. But AFAIK, the distribution is good enough to give a sufficient amount of entropy. And this gives you passwords that can be remembered much more easily.

Alternatively, you can take a completely random password and make up a phrase using the characters.

__________________
"It's over you head now. Time to get some professional help." - My fortune cookie from lunch

Ned Wright's Cosmology Tutorial

Usenet Physics FAQ

It's been a while since I've used that account, so I could be wrong, but the army e-mail system has an exactly-ten-characters password requirement. Two must be uppercase; two must be lowercase. Two must be numbers. Two must be special characters. And you must change every six months, with no repeating.

Now, I ask you. Okay, sure, if you work in the Pentagon or something. But I only had this account so I could IM Graham while he worked while he was over in Iraq. The sensitive stuff we said was sensitive to our relationship. He didn't know anything sensitive, army-wise. I suspect half the people dealing with such byzantine structures don't know anything that couldn't be worked out another way. But what do I know?

__________________
Gillian

"Now everyone was giving her that kind of look UFOlogists get when they suddenly say, 'Hey, if you shade your eyes you can see it is just a flock of geese after all.'"

"You can't erase icing."

"I can't believe it doesn't work! I found it on the internet, man!"

Manchester?
Nottingham?
Worcester?

__________________
Bring back Firefly!

"It is quite clear that Occam's razor does not sharpen in your pyramid." (Nicolas)

"Still, a man hears what he wants to hear and disregards the rest." (Paul Simon)

Leicester
Newcastle
Birmingham

At one company I had worked for, you had to change passwords every 60 days and could not re-use any of your previous 100 (!) passwords. I did have a written note, but a) it was not a sticky note, but buried among similar-looking scribbles on one of 20 or so sheets of paper on my walls, and b) was not the real password, but a "coded version" -- I memorized the rules for translating the note into actual password.

What other people did, I have no idea, but I never saw any obvious sticky notes. Then again, it was a software company full of engineers, not an office full of end-users.

__________________
Fiction has to be plausible. Reality is under no such constraint.

If I want to be REALLY secure, I take an easy to re-create string of numbers (say, first 14 digits of pi, or first 20 digits of Fibonacci sequence), and mash it up. Switch first and second half, then change every 3 to 7 (just example), etc. Mostly however I just use nonsense words with a few numbers stuck in, since I have excellent memory for that kind of information.

__________________
Fiction has to be plausible. Reality is under no such constraint.

The world might be a more secure place if everyone had that talent

__________________
"It's over you head now. Time to get some professional help." - My fortune cookie from lunch

Ned Wright's Cosmology Tutorial

Usenet Physics FAQ

That's my system. A private code that's easy to remember.

A good one to use for home is a common middle section to all your passwords.
As an example, you have JOL3bE as your password. Then prefix it, suffix it, or surround it with the site name that you use it on - or a name that reminds you of that site.
So BAUT could be BauTJOL3bE, or even SPJOL3bEaCe.

__________________
I don't believe in mathematics. Albert Einstein

Biologically speaking, if something bites you it's more likely to be female. Desmond Morris.

Quantum analysis is scientific dithering

Professor Frink: My observations n'hey, n'hey, show the universe could be a torus Weh, uh, or toriod it may like the typewriters and bananas and the monkeys with big teeth the biting the screaming Mm-hai!

Homer: mmmmm... doughnuts!

I'm not sure that is a good idea. Password cracking software don't just try every possible string of characters by dumb brute force. Many of them try to explore the most likely parts of the search space first by allowing you to seed them with dictionaries of key words, which they then apply various permutations on to generate likely password candidates. If I were trying to crack BAUTers' passwords, I would almost certainly use space-, science-, and astronomy-related words as part of my starting dictionary. Using words related to a site as part of your password for that site makes your passwords weaker than they would be otherwise.

__________________
"It's over you head now. Time to get some professional help." - My fortune cookie from lunch

Ned Wright's Cosmology Tutorial

Usenet Physics FAQ