Forget the days of attempting to remember passwords. Get a password tracker. RoboForm is fantastic about generating passwords and storing your usernames and passwords. They also make a version of their software that fits on a USB drive so you can use your logins from any computer you use.

A strong password written down is better than a weak password
Don't be hung up on writing down strong passwords, just don't write them down in unsecured places. A list of strong passwords in my wallet is better than a weak password not written down and easily discovered from a dictionary attack.
forget word generated pwds
The biggest problem with random password generators is that there are specific issues with certain characters in the password...
For instance...is the "@" character acceptable to all your middleware applications? How about the "#" or the "~"? Also, how do you differentiate between the "0" and "O" or "l" and "1" and "I" (in some fonts, it's impossible)...
And like you said...gibberish passwords are impossible to remember.
So...need a solution? You need to use the human brain for something it is especially good at and the computer abysmally bad at...pattern recognition. Instead of trying to remember
"12%^ioKi:+"
How about using your keyboard's natural patterns to generate an impossible password? How would you like a 16 character password that is impossible to forget and yet makes no sense on paper?
How does this look?
"7yhn6tgb&YHN^TGB"
What a nasty password, huh? Try and crack that one! But it's easy to remember! Everybody look at your keyboards now...Notice that keyboard keys "7yhn" are more or less all in a row running from top to bottom? Well, also notice that "&YHN" are the very same keys, just shifted?
What about this password?
"9876oiut(*&^OIUT"
Same idea, just start at "9", roll your fingers to the left, go down a row and repeat, then shift and do it all over again!
And there you have it...an impossible to forget password and an almost impossible password to crack! And the nice thing is that you can switch up things as well. If someone is looking over your shoulder, they will never notice when you hold down the shift key...so alternate shift and unshift:
"(8&6IuYt9*7^iUyT"
In that password, I started out exactly the same as the one above, but shifted every 3rd character.
So, don't be stupid and write down your passwords...use your brain for what it is good at...patterns!
And hey, here's a secret for you people who need to change your password every month...maintain the pattern.
For instance:
123qwe!@#QWE is a nice 12 digit password that is just the first three keys in the upper left corner, down a row and then again all shifted. So, next month, shift right a key for this:
234wer@#$WER
then the next month 345ert#$%ERT
and so on and so on...if you have a good formula say month one is January so you start at 123qwe!@#AWE, month 2 is February so you have 234wer@#$WER
See the pattern here?
Now I don't recommend anything so simple as 123qwe!@#QWE, but perhaps 1qaz2wsx!QAZ@WSX is a better one, or if you have a natural keyboard, how about this pattern?
"1670qtyp!^&)QTYP"
Notice that these are the keys where the keyboard breaks?
Using patterns forgoes all the mess of writing down and memorizing cryptic passwords...
Try it...look at your keyboard and recognize a pattern and use it!
Ed
web/gadget guru
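A password-policy check that recognises the keyboard patterns described in the comment above, written here as an added example that is not part of the original post. It assumes a US QWERTY layout, and all function names are hypothetical; strength estimators such as zxcvbn apply the same kind of spatial matching.

```python
# Added example (not from the thread): flag passwords built from keyboard
# walks or from a pattern typed once and then repeated with Shift held.
# Assumption: US QWERTY layout.
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]
SHIFTED = ["!@#$%^&*()_+", "QWERTYUIOP{}", 'ASDFGHJKL:"', "ZXCVBNM<>?"]
# Map each shifted character back to the physical key that produces it.
UNSHIFT = {s: u for srow, urow in zip(SHIFTED, ROWS) for s, u in zip(srow, urow)}
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

def normalize(password):
    """Reduce a password to the sequence of physical keys pressed."""
    return "".join(UNSHIFT.get(ch, ch) for ch in password)

def adjacent(a, b):
    """True if keys a and b touch on the staggered layout."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    if r1 == r2:
        return abs(c1 - c2) == 1
    if r2 == r1 + 1:                 # b is one row below a
        return c2 in (c1 - 1, c1)
    if r2 == r1 - 1:                 # b is one row above a
        return c2 in (c1, c1 + 1)
    return False

def walk_runs(password):
    """Split the key sequence into maximal runs of touching keys."""
    keys = normalize(password)
    runs, current = [], keys[:1]
    for prev, ch in zip(keys, keys[1:]):
        if adjacent(prev, ch):
            current += ch
        else:
            runs.append(current)
            current = ch
    return runs + [current] if current else runs

def walk_coverage(password, min_run=3):
    """Fraction of characters that sit inside a walk of min_run or more keys."""
    if not password:
        return 0.0
    return sum(len(r) for r in walk_runs(password) if len(r) >= min_run) / len(password)

def shifted_repeat(password):
    """True if the second half presses the same keys as the first half."""
    keys, half = normalize(password), len(password) // 2
    return len(keys) >= 4 and len(keys) % 2 == 0 and keys[:half] == keys[half:]

def is_pattern_password(password, threshold=0.75):
    return shifted_repeat(password) or walk_coverage(password) >= threshold
```

Because `normalize` discards the Shift state, alternating shifted and unshifted characters does not change the result, and the halves check catches split-keyboard patterns that contain no adjacent keys at all.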
Easy technique to create a complex password
I too have spent some time looking at generators as well as phrasing techniques. A simple recommendation I found was to start with a 7-9 character dictionary word and split the word somewhere in the middle. Insert a number and uppercase a character in the second half. For example, starting with the word "address" you could have "add5Ress" or "add3reSs". I've tested this technique with dictionary attacks as well as brute force attacks. It creates a very strong password, meets the 3 of 4 password complexity rules, and is easy for end-users to use.
Thanks.
Even easier
Take an easily-remembered phrase (song lyrics work quite well) and take the first letter of each word. E.g. "Try to catch the deluge in a paper cup" becomes
ttctdiapc
Substitute numbers and capitals if you like: "T2ctD1@pc". Still easy to remember too.