You know the old sayings when it comes to password security. >Never use the same password twice >Choose hard passwords that use numbers, symbols, caps and lowercase >Never write down or store passwords in a way that could be compromised >Change passwords semi-regularly >Never reuse an old password These are great ideas from a technical standpoint, but they completely and totally ignore the human factor. A hard password is difficult to remember, let alone when you have ten of them for ten different sites. Without writing them down somewhere you're likely to forget them, and even more likely to forget the ones you change frequently. This sucks, so I'm going to share a couple tips and tricks I use for making and remembering secure passwords. These two tricks are Passphrases and Catches. >Passphrases A passphrase is like a password but it much easier to structure and remember. It can be any line or quote that is memorable to you for some reason, which you then modify in a rememberable way to make more secure. Let me show you some examples. Starting with a simple phrase like "the quick brown fox" from the famous example of "using every letter in the alphabet", you could easily make this into a very memorable, hard to break passphrase. The addition of one symbol in a particular spot, and capitalizing each word in the phrase other than the first, is a simple adjustment. As a rule, don't always capitalize the first letter of your password, and don't always put your symbols or punctuation at the end, because cracking programs often anticipate this. >the#QuickBrownFox is a seventeen character, secure password. For comparison, try remembering iQd#rgYtbaLsdevPG. The strength is comparable. >Catches A "catch" is a personal sequence of characters, generally 4 or 5 long that includes a symbol and that isn't related to any of your metrics (don't use your fucking birthdate or anything like that), that can be spliced into the middle of an ordinary word to make it a strong password. Your catch should be something memorable to you, and you write it within brackets or ellipses. If we take an example from /pol/, a person's catch might be (#1488). This could be injected into any other nominal password by inserting it between two of the letters. Take the classic example of a shitty password, the password "Password." >Pa(#1488)ssword And then on a different site you might use the same catch, but with a different outer word. >netf[#1488]lix >8c{#1488}han Once you pick your catch and memorize it, you never really need to change it. Just by altering the outer word and the position of the catch within it, you can generate a very strong password while still being able to easily remember it. Even if your password is exposed on one site, your other passwords using the catch will be different enough to maintain some security, and that's assuming whoever got your first password is smart enough to target you specifically and attempt using your catch as a bruteforce input by itself.