OK, I have, well I don't know the number, but probably in excess of 100 web ID's. Now, out of that I probably use around 20 or 30 on a regular basis. They are my PC login ID, email ID, bank ID, cc ID, forum ID, etc. I have multiple ID's for each and multiple passwords for each, *not* by choice. And I think I have below the average amount.
Now, I can understand coming to a forum or banks or email, whatevers' website and not getting the username that I want because it has to be unique. But I should be able to choose whatever password I want to. Regardless of the ramifications. If I want my password to be 1-2-3-4-5, then I should be able to use that. (I actually know someone who had that password.) I would like to have only one password for every login. Paying my bills is a nightmare, not because of financial constraints, but because I have to reset my password for all my cc's and bank accounts every month.
I don't like password rules either, but, sadly, users have made them useful for sites with sensitive information, such as financial institutions and commerce sites (if you have Amazon one-click set up, a strong password is de rigueur).
For websites that just want a password so they can annoy users, such as some newspapers, I have one junk password that I use over and over again and a spam-trap email address. I really don't care if someone breaks into my account at the Lower Sasquatch Times, even if he or she does trash the comments section. (Aside: Newspaper comments sections seem to have become the cesspool of the inner tubes.)
There are some clear rules and conventions for passwords.
(1) Don't use common names, addresses, dates etc.
(2) Password/phrase/sentence SHOULD contain {uppercase letters AND lowercase letters AND numbers AND special characters}.
(3) Most organisations REQUIRE a forced password change periodically AND block out previously used last "n" passwords. Think about it. Isn't it helpful - if you can manage the chore of refreshing your memory?
(4) Use a coding system that you can recollect and use but is specific to you. Eg. Post #2.
Within these norms, using variations and combinations that suit you, you can get many combinations to address forced password change.
I know how to make a reasonably secure password. It's just that some places want a number, letter and a special character. Some want number, letter, no special character. Others number, letter, upper case letter, no special character. Some want number, letter, no upper case letter, special character. Etc, ad nauseam. Thus making it impossible to have one or two easy to remember passwords. Then they block my account for X amount of time because I tried more than 3 times to figure out which password I'm using for this website.
Like, right now I am locked out of my stock account because I can't remember what username/password combo I used. I've tried every single one that I use. It's obnoxious.
KeePassX - I have many dozens of ultra-secure passphrases and I've no idea what any of them are. Boy am I screwed if I ever forget the only password I know - to my KeePassX database!
It's not just about you. If your bank account is hacked, it damages the reputation of your financial institution, thereby costing them money (the thing they care most about in the world), thus their interest in strong passwords.
KeePassX - I have many dozens of ultra-secure passphrases and I've no idea what any of them are. Boy am I screwed if I ever forget the only password I know - to my KeePassX database!
Acquire them somehow and write them on a piece of paper, and put that paper under your keyboard.
Quote:
Originally Posted by snowpine
It's not just about you. If your bank account is hacked, it damages the reputation of your financial institution, thereby costing them money (the thing they care most about in the world), thus their interest in strong passwords.
I understand what you're saying here, but if I have a ten character password containing numbers, letters and special characters it should be good enough for anyplace. I'd be willing to change them all to have an upper case letter, but then some don't allow that or special characters. There needs to be some sort of uniform level of password security. And then some don't even tell you what the password guidelines are, making it even more of a pain to guess which password you're using.
KeePassX - I have many dozens of ultra-secure passphrases...
IMO, that's the right answer -- a secure password storage utility. Sufficiently strong passwords (in general) are not going to be memorized by most humans. Especially since you should not reuse credentials across services.
For pseudo-random password generation, I recommend checking out pwgen(1). Most accounts I set up get their password this way:
Code:
$ pwgen -s 14
(If there are shorter password requirements - not too uncommon, actually - that needs adjusting.)
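An added example, not part of the original post: a Python sketch of the same idea as `pwgen -s`, extended so the length and character classes can be adjusted to each site's rules as the thread describes. The site names and rules in `SITE_RULES` are constructed for illustration, and `generate` and `entropy_bits` are hypothetical helper names.

```python
import math
import secrets
import string

# Constructed per-site rules (hypothetical sites, for illustration only).
SITE_RULES = {
    "bank":   {"length": 12, "specials": ""},        # no special characters allowed
    "forum":  {"length": 14, "specials": "!@#$%"},   # special character required
    "legacy": {"length": 8, "upper": False, "specials": ""},
}

def generate(length=14, upper=True, lower=True, digits=True, specials=""):
    """Return a random password containing at least one character from
    every enabled class and no character from a disabled class."""
    classes = []
    if lower:
        classes.append(string.ascii_lowercase)
    if upper:
        classes.append(string.ascii_uppercase)
    if digits:
        classes.append(string.digits)
    if specials:
        classes.append(specials)
    if not classes:
        raise ValueError("at least one character class must be enabled")
    if length < len(classes):
        raise ValueError("length too short to include every required class")
    alphabet = "".join(classes)
    # Rejection sampling: draw from the OS CSPRNG until the rules are met,
    # so every password that satisfies the rules is equally likely.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def entropy_bits(length, alphabet_size):
    """Upper bound on entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    for site, rules in SITE_RULES.items():
        print(site, generate(**rules))
    # 14 characters over letters and digits, the alphabet of `pwgen -s 14`
    print(round(entropy_bits(14, 62), 1), "bits")
```

Each generated password belongs in a password manager such as the KeePassX database mentioned in the thread, one per account.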
KeePassX - I have many dozens of ultra-secure passphrases and I've no idea what any of them are. Boy am I screwed if I ever forget the only password I know - to my KeePassX database!
The two things that scare me about using programs like that are "What if I forget the main password?" and "What if I lose the file that has all the passwords in it?". Those two questions are what keep me from using those programs.
My arrangement is one throw-away password and the rest are based on making patterns on my keyboard. It gets me a healthy mix of letters/caps/numbers/symbols, and all I have to remember is which username corresponds to which starting key + pattern combination. The only downfall of this is if I'm forced to use a different keyboard layout to enter the password (ie. the keyboard on my phone), then I'm screwed (although a picture of a standard QWERTY keyboard is usually enough to remedy this).
The two things that scare me about using programs like that are "What if I forget the main password?" and "What if I lose the file that has all the passwords in it?". Those two questions are what keep me from using those programs...
I was actually kidding - it's impossible for me to forget the passphrase since it's the ONLY passphrase I know (well, one out of 2 really, with the other, simpler one to my LUKS-encrypted hard drives). I don't even know my private SSH key (ksshaskpass takes care of that for me). So it's like remembering a telephone number that you actually have to physically dial daily - impossible to forget. And if I get amnesia - well, I would have forgotten other passwords too so makes no difference.
With regards to losing the file - there are services like Ubuntu One for that as well as local storage media, multiple machines etc.
The thing is not to use dictionary words, and try for it not to be simple, like, use a password that doesn't relate at all with you (like, you are all serious and stuff, so for your password use... i1iekfluff3hbu933s or something like that).