Choosing strong passwords: promise and peril

The Agile Bits blog discusses good methods for choosing a human-memorable "master password" that is used to lock up a file of non-memorable, strong passwords:

Avoid secrets or things that are personally meaningful

The more personally meaningful something is to you the fewer alternatives there are. There are more things that don't have personal meaning to you than do.

In particular, avoid personal secrets. Twice in my life when I've been asked to find weak passwords where I worked, I had the embarrassing task of telling my friends and colleagues to change passwords that also revealed their secret crushes. Also, there may be a time when you actually do need to reveal your master password to a loved one. When I spot passwords like IloveUVicky along with the owner's email address among 26000 email addresses and passwords exposed from a pornography site, I certainly hope that this won't cause too much trouble for the owner.

Toward Better Master Passwords

(via JWZ)

(Image: Change your password or the dog gets it, a Creative Commons Attribution Share-Alike (2.0) image from dnisbet's photostream)