UPDATE: (also added in comments)
I've been using LastPass for almost 10 years now, so I 100% agree that password managers are the way to go to manage the hundreds of different logins that we all have now.
I should have probably clarified this originally, but this suggestion is really for those passwords you can't (or at least shouldn't) store in a password app, like the master password for the password app itself, your network login for work, or the password for your own personal computer. These should also be the passwords that you should probably be changing more frequently as well!
Take a line or two from one of your favorite songs and then use the first letter (or corresponding symbol and/or number) of each syllable.
So for example
"Always Look On The Bright Side Of Life" could be represented as
Awlotbsol @W1otbs0l aW10+b$01
etc etc
You may need to write it down at first, especially when you first create or change it and need to enter it twice. But after entering it a few times, all you need to do is remember the line of the song and you'll remember your password!
And for passwords you need to change frequently, just use the next line in the song as your next password!
Videos
So i just finished the setup for keepassxc, first time using a password manager since i always have used the typical "write all down on a paper". Now I'm just a regular user with regular accounts so am not linked to any company or agency where confidentiality is actually critical. I setup a master password of around 13 words with some special characters. I'm sure its very strong but hard to remember if i don't look at it. I was wondering if a 5 or 6 word master password would be enough for a "average non special" user. Also if you could help figure out how to sync the database and keyfile with my other devices like a plan that i could follow would be much appreciated since i'm quite lost.
I am writing a document to send out to everyone in my organization with some tips on creating more secure passwords. A common problem is that with long passwords requirements, which we have, is that people tend use patterns or reuse large chucks of old passwords and simply replace a few characters, PassWordxxxx, changing the xxxx with each reset.
I have an idea to help people create complex, and seekingly random passwords and I want comments and suggestion on if it seems good.
Pick 2 unrelated airports from 2 random cities in the world and the final score of a sporting event.
In this example I’ll use Gatwick, London (LGW) and Juneau, Alaska (JNU) and game 7 of the ‘05 NBA Finals 74-81, the order is up to you. The password could then use those characters and various patterns. An example would be: lgwjnu7481JNULGW&$*!
&$*! is 7481+shift.
The airport codes could simply be replaced other things like the 2 letter codes from 2 random elements form the periodic table, the 2 letter codes for 2 different states, etc.
The numbers could be an area code for a random major city, a year that may have some significance, etc.
Another example would be wyaz1492AZWY!$(@
!$(@ is 1492+shift.
I know this seems like a lot but once you get it it’s actually a simple concept, and considering that it’s important to be secure it’s supposed to be somewhat complex.
Disclaimer: I'm interpreting "easy to type" in this question literally to mean consecutive characters or similar typing patterns, which is different from passwords that are "easy to remember". I point this out because none of the other answers appear to interpret the question this way.
How to generate easy to type passwords without sacrificing security?
Short answer: Don't bother.
The reason is it's not worth it unless you are an extremely slow typist. I just tried an experiment where I choose two passwords, both were easy to remember, and one is (seemingly) much easier to type than the other. In order to more easily measure the timing with my stopwatch, I typed both passwords 3 times and compared:
Option 1: (12 seconds to type it 3 times)
This password is easy to remember
This password is easy to remember
This password is easy to remember
Option 2: (10 seconds to type it 3 times)
1234qwerasdfzxcv7890yuiohjklnm,.
1234qwerasdfzxcv7890yuiohjklnm,.
1234qwerasdfzxcv7890yuiohjklnm,.
I actually tried it a few times and the time shown above was my last set of 3 for each. The first couple of times I messed up the "easy to type" password because I was going too fast and bumped other keys.
My conclusion: it's likely to be the case that if you choose any passphrase that is easy to remember, it won't be much slower to type than one that is seemingly more "easy to type". (My average was 3.3 seconds vs 4.0 seconds.) Add to this the slightly higher probability that an easy to type password could end up in a dictionary list, and I'd shy away from it.
Mandatory "Use a Password Manager!". But you seem to already be aware of this. Moving on.
There are any number of tricks. In my experience, "easy to remember" and "easy to type" typically means "full English words"; my fingers/brain have a much easier time with words than they do with arbitrary sequences of characters. Two systems that come to mind are:
Diceware
Grab yourself a copy of the Diceware word lists [Article], [large_wordlist.txt] and roll some dice! This list of 65=7,776 unique words was carefully selected to be easy to remember. Wikipedia gives these examples as typical diceware passwords:
- conjoined sterling securely chitchat spinout pelvis
- rice immorally worrisome shopping traverse recharger
Also: mandatory XKCD advocating passwords of this style.
Passphrase
I'm an advocate that we should ditch "password" from the English language - since it encourages people to think in terms of single words - and with the exception of a few especially moronic banks, all systems accept spaces in passwords now, so why not think in terms of "passphrases"?
A clever trick that I heard of is to set a passphrase that represents some personal-life goal you want to achieve or fact you want to remember. A) since you type your passphrase many times a day, it's a natural reminder to do the thing, and B) once you accomplish the thing, you have a natural reason to change your passphrase! The following would be examples that would naturally want to change after a month or so:
- "update $% on my 401(k)"
- "get under 10 Smokes/day"
- "Sandy's baby due on Aug 24th"
- "plan Grampa's 80th b-day party"
[ps. I'm waiting for the flame war on this suggestion. My generic answer: use a longer passphrase!]