While I am on my password kick, it's hard to get off the topic. Hopefully I will get back to Architekwiki soon. In the meantime... While I have been going through my cache of passwords, I came across an article from late 2011 that I had saved. I had been aspiring to follow the advice that James Fallows outlines in his Atlantic blog. That advice differs from the path I am on now, but I can see that it is pretty well-thought-out. So I am going to paraphrase it here for you.
The challenge with passwords is to overcome the Catch 22: “Passwords that are easy to remember can be easy to hack, and passwords that are hard to hack can be impossible to remember.”
One technique that you can use to solve the Catch 22 is phrases. Basically, you use a string of words. An example would be: Cold weather isn't tropical! This 28-character password would be nearly impossible to hack/guess. And you could change the “o”s to “0”s and the “a”s to “#”s for good measure. Something like this example beats the Catch 22, but it breaks down when you have 100 of them. You can't remember 100 phrases (I can't anyway), and you can't remember which one is used where.
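To put rough numbers on the phrase technique above, here is an added Python example (not from Fallows' article or from this post) that estimates the guessing space for the sample phrase under two models and shows how much the letter swaps contribute. The 20,000-word list size and the "each swappable letter may or may not be changed" model are assumptions made for illustration.

```python
import math

PHRASE = "Cold weather isn't tropical!"   # the post's example phrase
SUBS = {"o": "0", "a": "#"}               # the swaps the post suggests

def substitute(phrase, subs=SUBS):
    """Apply every swap, as the post suggests doing 'for good measure'."""
    return "".join(subs.get(ch, ch) for ch in phrase)

def charset_size(password):
    """Alphabet a character-by-character search must cover (printable ASCII)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33                        # 32 punctuation marks plus the space
    return size

def brute_force_bits(password):
    """Bits of work when every character position is guessed independently."""
    return len(password) * math.log2(charset_size(password))

def word_guess_bits(phrase, dictionary_size=20_000):
    """Bits of work when whole words are guessed from a list.
    dictionary_size is an assumed figure, not a measured one."""
    return len(phrase.split()) * math.log2(dictionary_size)

def substitution_bits(phrase, subs=SUBS):
    """Extra bits from the swaps if each swappable letter is independently
    either changed or left alone (assumed model): one bit per such letter."""
    return sum(1 for ch in phrase if ch in subs)

def report(phrase=PHRASE):
    swapped = substitute(phrase)
    return {
        "length": len(phrase),
        "swapped": swapped,
        "char_bits_plain": round(brute_force_bits(phrase), 1),
        "char_bits_swapped": round(brute_force_bits(swapped), 1),
        "word_bits": round(word_guess_bits(phrase), 1),
        "swap_bits": substitution_bits(phrase),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:>18}: {value}")
```

Length does most of the work in the character-by-character figure; the swaps add only a handful of bits in either model, so the strength of a phrase comes mainly from how many words it has and how unpredictable they are.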
One solution to this impasse is to duplicate some passwords based on the value of what you are protecting. This is “going against the rules”, but if the risks are minimal...? For example, let's say you list and rank the sites you use like this:
There are other worthwhile ideas in the article I referenced above, and you might find they give you the amount of security you want. My desire is to have the security without the “remembering”. In other words, I would rather learn a system that does the managing and remembering for me.
The Final Update can be found here.