The Baekdal is a great article -- thanks. I do think he missed one option that is secure and works for many people: a phrase with intentional misspellings and non-alpha characters, "substitutions", etc.

For example, rather than "this is fun", something like "beach=2 much fun". Adding the non-alpha character and the digit makes it much stronger, yet it is pretty easy to remember.

Intego has published quite a bit about this. Do be sure to keep physical control of your gadgets at all times...

and look here.

The cracker speed indicated in the cited articles is woefully low.

My antique, 10-year-old desktop Mac can check over 8 million 64-bit strings per second.

I frequently used leet speek in my passwords. I should combine it with this method. "th15 15 f|_|n" would probably take even longer to crack. Thanks for the info Amy!

Also worth mentioning are security questions, which use information supposedly known only to the correct person in order to accept the password.

For example: What is the name of your favorite pet?

Now, you could answer that question directly. However, as Sarah Palin found out, the answers to security questions aren't as hard to guess as one might think.

So, instead of a truthful answer, pick a rule: the answer to every security question is the first letter of each word in the question.

Using that rule, the answer is: witnoyfp

The rule is easy to remember, so it doesn't need writing down anywhere, and no matter how much someone knows about you, they will get nowhere.

test

You passed. I think.

Depends on what the test was. NCLB, perhaps?