
Yeah super. Let me scale that for my bank, car loan, house loan, credit cards, FB, IG, Twitter, Email, HN, Coursera, EdX, Udacity, Udemy, Concur, forums, Netflix, LinkedIn, Paypal, Slack, Spotify, Hulu, AppleID, Reddit, Amazon, health insurance, college alumni page, Digital Ocean, WSJ, GoDaddy, hotel points, and airline miles sites.



That's a lot of accounts and a lot of passwords. You'd probably want to use a password manager. These kinds of passwords still have the advantage of being easy to hold in short-term memory, so when your password manager is on a different device than the service you're trying to use, you can look it up once and type it in rather than having to look back and forth between the two for that 16-digit number.


I think that's his point. The strategy of memorable passwords is not viable. You still need a password manager. But I agree that spellable, pronounceable passwords are helpful when you need to type one in.


I finally started using KeePassX so I could keep track of the insanely long and randomized passwords it creates across the same plethora of sites you've listed. I love using it, but there's no way in hell I can quickly update so many different credentials conveniently (e.g. update your password every 6 months or so? Just kill me now).


I've used password managers for about 15 years now. I just counted: I have ~400 passwords saved, most of which I'm obviously not using, and a large number are for services that do not even exist any more.

As I can't be bothered to even check which ones to delete, I will definitely not be updating any of those.


Except for some, you can outsource everything to a password manager.

I think I remember just these passwords: my 2 banks (that keep my savings), stock broker, primary email a/c, AppleID, personal VPS. For these too I keep very personal hints (no one else can guess) in KeePass (just in case).

Master passwords for LastPass and KeePass are quite difficult and I don't keep its hint or anything anywhere. It's a risk I decided to take. On the downside I have not changed these two passwords in a long time.

Rest goes to LastPass (100s of them).


Hmmm. Have you considered closing some of those and regressing away from your online presence in order to solve your evident frustration with managing so many pwds? If I signed up for all that cra..stuff, I would close some. :)


One thing that works is putting the name of the service into part of your password for each site.

So like, Abzysbej@10netflix and Abzysbej@10hulu


And then one leak in plaintext compromises all of your accounts because a targeted attacker is presumably smart enough to understand what you did...


To make it a bit less conspicuous, take the third character (or something) from the service name and put it as the fifth character (or something) in an otherwise long random string. This will look like a random password... until someone gets two or more passwords made with this strategy, then it's pretty easy to find out the strategy.


How is any of this easier than using a password manager??


You only have to remember one password, the strategy is the same for all passwords, replace the fifth character (for example):

google: mojko2if6bibe78

youtube: mojku2if6bibe78

yahoo: mojkh2if6bibe78

Note that I don't advocate this strategy for high-security applications, but for throwaway accounts that you might want to access when not having access to your password manager it might be useful.
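The "service character at a fixed slot" scheme from the comments above, modelled as an added example (not code from the thread) to quantify how little the per-site variation protects once one password leaks. The base string, slot, alphabet size and the service names are constructed assumptions taken from the comment's own sample.

```python
# Added example, not from the thread: models the scheme where the third
# character of the service name replaces the fifth character of a fixed
# random string, and measures what a single leaked password reveals.
from itertools import combinations
from math import log2

BASE = "mojk_2if6bibe78"   # constructed: '_' is the slot that varies per site
SLOT = 4                   # "fifth character" -> 0-based index 4
SOURCE_INDEX = 2           # "third character" of the service name
ALPHABET = 36              # assumed symbol set for the base string (a-z, 0-9)


def derive(service: str) -> str:
    """Per-site password: the fixed base with one character swapped in."""
    return BASE[:SLOT] + service[SOURCE_INDEX] + BASE[SLOT + 1:]


def hamming_positions(a: str, b: str) -> list[int]:
    """Indices at which two equal-length passwords differ."""
    if len(a) != len(b):
        raise ValueError("passwords differ in length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def max_pairwise_difference(passwords: list[str]) -> int:
    """Largest number of differing positions over all pairs (1 for this scheme)."""
    return max(len(hamming_positions(p, q)) for p, q in combinations(passwords, 2))


def guess_bits(passwords_leaked: int) -> float:
    """Bits of work to guess an unleaked site's password.

    With no leak the whole string is unknown: len(BASE) symbols from ALPHABET.
    After one leak only the slot is unknown, and it is a letter of some
    service name, so at most 26 candidates remain (far fewer once the
    target service's name is known).
    """
    if passwords_leaked == 0:
        return len(BASE) * log2(ALPHABET)
    return log2(26)


if __name__ == "__main__":
    sites = ["google", "youtube", "yahoo"]
    pws = [derive(s) for s in sites]
    for s, p in zip(sites, pws):
        print(f"{s}: {p}")
    print("max positions differing between any two sites:", max_pairwise_difference(pws))
    print(f"guess work before leak: {guess_bits(0):.1f} bits, after one leak: {guess_bits(1):.1f} bits")
```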


I should clarify, there should only be a pattern like that for the many frivolous services, and a different password for financial, medical, etc.



