Many people think that a cryptic string of capitals, lowercase letters, numbers and punctuation is the way to go. But chances are you'll end up writing a word or phrase using characters that merely look similar to the letters they replace. E.g. I've seen several IT personnel think that this is a "good" password:
#@$$^^0#)
Can you spot it? It's in the shape of the characters:
# = P or R
@ = a
$ = S
^^ = W
0 = O
) = D
So that is simply PaSSWORD. Any password cracker worth the name ships with a list of exactly these substitution rules and tries them against every word in its dictionary, so the symbols add almost nothing.
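To make that concrete, here is an added example (mine, not code from the original post) of how a cracker undoes look-alike substitutions: expand every symbol into the letters it usually stands for, enumerate the combinations, and look each one up in a wordlist. The inverse table and the four-word wordlist are constructed for this example; real rule files and wordlists are vastly larger.

```python
"""Added illustration, not from the original post: how a password cracker
undoes look-alike substitutions.  The inverse table and the tiny wordlist
below are constructed for this example."""
import itertools

# Assumed inverse look-alike table: each symbol maps to the letters it is
# commonly used to stand in for.  Two-character tokens are tried first.
UNLEET = {
    "^^": "w",
    "#": "pr",   # the post's own reading: # looks like P or R
    "@": "a",
    "$": "s",
    "0": "o",
    ")": "d",
    "3": "e",
    "1": "il",
    "!": "i",
}

# Constructed wordlist standing in for a real one.
WORDLIST = {"password", "letmein", "welcome", "monkey"}


def tokens(mangled: str) -> list[str]:
    """Split a mangled password into the candidate letters for each position."""
    out, i = [], 0
    while i < len(mangled):
        two, one = mangled[i:i + 2], mangled[i]
        if two in UNLEET:
            out.append(UNLEET[two])
            i += 2
        elif one in UNLEET:
            out.append(UNLEET[one])
            i += 1
        else:
            out.append(one.lower())
            i += 1
    return out


def candidates(mangled: str) -> list[str]:
    """Every plain word the mangled password could have been derived from."""
    return ["".join(p) for p in itertools.product(*tokens(mangled))]


def crack(mangled: str) -> list[str]:
    """Candidates that are dictionary words, i.e. instant hits for a cracker."""
    return sorted(c for c in candidates(mangled) if c in WORDLIST)


if __name__ == "__main__":
    pw = "#@$$^^0#)"
    print(len(candidates(pw)), "candidates; dictionary hits:", crack(pw))
```

With the post's example there are only four candidates to try and one of them is "password". The cost of the substitutions to the attacker is a factor of four, not the astronomical search space the symbols suggest.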
What to do then?
First, give up on using an easily remembered word, especially if it's a single word.
Second, up to a point, the longer your password the better; length is what stops a brute force attack (trying every combination, one at a time, until one is accepted). There is a practical limit, because some systems truncate or cap the length of what they hash, so beyond a certain point extra characters add nothing. Anything above 10 characters is considered a decent password, above 15 good, above 20 excellent, and after around 40 it makes no difference at all. It's a case of diminishing returns. Thus the second "trick" is: make your password around 10-30 characters long (or more if you want).
Third, try to make each login unique, especially for your more valuable logins (like bank accounts).
Don't think in words; rather, try phrases. Even better, try a phrase relevant only to the one site you're making that password for. E.g. for your online banking you might think "This bank is stealing my money and robbing me blind". But don't use that directly ...
Next, come up with your own scheme for turning that phrase into a single password. Note that I give a sample here; you have to come up with one of your own (for your own sake, not mine). The scheme needs to accommodate a few things:
- It needs to extract portions from all over the phrase so there's no single word for a dictionary-based password cracker to pick up on. The simplest way might be to use the first 2 characters of each word: thbaisstmymoanromebl
- Next you need to mix upper and lower case. Perhaps go with capitalizing the 1st character of every 2nd word: thBaisStmyMoanRomeBl
- Next you need to include some numbers and symbols. Looking at that password I notice 3 word-like chunks: Bais, Moan & Rome. I'm going to use that look-alike idea on every 2nd character of each: thB@i$StmyM0a#R0m3Bl
Then update your passwords as regularly as you can. If you follow the above, you've got lots of options for how to update them. E.g. every even month you capitalize the 2nd character instead of the 1st; in the first quarter you use the 1st 2 characters of each word, in the 2nd quarter the next 2, etc.
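Here is the three-step scheme above, plus the "capitalize the 2nd character instead" rotation, written out as code so each step can be checked against the worked example. This is an added illustration, not the original poster's code: the look-alike table is my own and was chosen so the output reproduces the post's strings, and the substitution is applied to every 2-character chunk rather than to the three chunks the post picked by eye (which gives the same result for this phrase, because the other chunks contain no mapped letter). As the post says, invent your own table and scheme instead of reusing these.

```python
"""Added illustration, not from the original post: the phrase-to-password
scheme described above, with a check that no phrase word survives whole.
The LOOKALIKE table is a hypothetical choice made to match the post's example."""
import re

# Assumed look-alike table (hypothetical; make your own).
LOOKALIKE = {"a": "@", "s": "$", "o": "0", "e": "3", "n": "#"}


def words(phrase: str) -> list[str]:
    """The alphabetic words of the phrase, in order."""
    return re.findall(r"[A-Za-z]+", phrase)


def take_chunks(phrase: str, width: int = 2) -> list[str]:
    """Step 1: the first `width` characters of every word, lower-cased."""
    return [w[:width].lower() for w in words(phrase)]


def mix_case(chunks: list[str], cap_pos: int = 0, every: int = 2) -> list[str]:
    """Step 2: upper-case character `cap_pos` of every `every`-th chunk.
    cap_pos=0 is the post's scheme; cap_pos=1 is its 'even month' variation."""
    out = []
    for i, c in enumerate(chunks):
        if i % every == every - 1 and len(c) > cap_pos:
            c = c[:cap_pos] + c[cap_pos].upper() + c[cap_pos + 1:]
        out.append(c)
    return out


def add_symbols(chunks: list[str], pos: int = 1) -> list[str]:
    """Step 3: replace character `pos` of each chunk with its look-alike where
    the table has one; chunks whose character is not in the table are unchanged."""
    out = []
    for c in chunks:
        if len(c) > pos:
            ch = c[pos]
            c = c[:pos] + LOOKALIKE.get(ch.lower(), ch) + c[pos + 1:]
        out.append(c)
    return out


def derive(phrase: str, cap_pos: int = 0) -> str:
    """Run all three steps and join the chunks into the password."""
    return "".join(add_symbols(mix_case(take_chunks(phrase), cap_pos)))


def leaked_words(phrase: str, password: str, min_len: int = 4) -> list[str]:
    """The check from the first bullet: list any whole word of the phrase
    (min_len letters or longer) that survives inside the password."""
    pw = password.lower()
    return [w for w in words(phrase) if len(w) >= min_len and w.lower() in pw]


if __name__ == "__main__":
    phrase = "This bank is stealing my money and robbing me blind"
    for cap in (0, 1):
        pw = derive(phrase, cap)
        print(pw, len(pw), "chars; leaked words:", leaked_words(phrase, pw))
```

Running it with the post's phrase gives thB@i$StmyM0a#R0m3Bl for the base scheme and thb@i$sTmym0a#r0m3bL for the "even month" variation, both 20 characters with no whole phrase word left in them. Keep in mind that the strength of the result rests on the phrase and the scheme staying private, which is exactly why the post tells you to make up your own.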
You might like to look here for extra ideas: http://www.makeuseof.com/tag/create-...ssword-forget/
If there is some "method" behind this madness of making cryptic passwords, it becomes a lot easier to keep them secure and unique, as well as to update them regularly. And there's no need to keep a black book or (god forbid) save them in your browser!