In my earlier book on passwords, I distinguished between “identity” and “security” passwords and outlined elaborate techniques to determine how strong a given password needed to be and create different kinds of passwords depending on context. I now advocate a single approach that’s simpler and safer, and that covers the vast majority of cases.
My strategy—and yes, this is what I do myself—has three main points:
Figure Out Which Passwords You Must Memorize—if you do it right, the number of these passwords will likely be in the low single digits.
Create Strong but Memorable Passwords for just those few. The passwords should be strong enough to defeat all but the most determined hacker yet easy to recall and type. ...