This is a problem that has been written about over and over again; the proposed solutions are complex and there appears to be no relief in sight. People keep reusing the same simple passwords, and the only alternative is a complex trade-off between poor user experience, incompatibility and putting all your eggs in one basket. I’m not sure how brilliant an idea my solution is, but I’ll explain how I try to manage this complexity.
First off, I have 4 tiers of passwords: one very complex password for work, Gmail and my bank account; one for less important sites that I would still rather weren’t hacked, like Facebook and Windows Live; one throwaway password that I wouldn’t care if anyone hacked; and one that I share with family and friends (my home router, my personal SVN, etc.).
For my top tier password I have come up with a trick for creating and remembering it. I think it is a handy trick that can work for anyone and generates a very strong password. I have created a simple tool to help.
EDIT: try it live at jsfiddle
Once a month or every other month, simply print out or write down the above graph onto a piece of paper. Visualize a line, or a shape with a bend such as a V, somewhere in the graph. This is your password. Remember the first letter, the last letter and the shape. Change your passwords and leave this sheet somewhere nearby, face down. Try to log in by remembering this complex password. If you cannot, flip over the sheet, take a look and try again. If you flip over the sheet, start typing from the beginning again. After a couple of tries you will be able to remember it without the sheet. Don’t discard it; keep it nearby in case you forget again.
In the meantime, if anybody finds your printed sheet it is not readable. If the CIA finds it, it might help them narrow it down enough to crack it, but if you’re concerned about that then I can’t really help you.
For my second tier password I choose a word that is easy for me to remember and use l33t speak to augment it: I replace letters with numbers or special characters, depending on what the password box requires.
My third and fourth tiers are just some stupid dictionary word that’s easy for me and my friends to remember.
All but my top tier passwords are stored in a Google Docs spreadsheet, so if I forget one I can go and find it in there. That spreadsheet is protected by my top tier password.