User-friendly method for good passwords
After years of frustration I finally found a trick that my users can work with, but that creates good passwords. Maybe it's too simple to seem legit. I dunno, but here goes again...
Base the password on an easily-remembered sentence. Easy example: "These aren't the droids you're looking for." Take the first two letters of each word, capitalize the first, add punctuation to the end. That gives:
Tharthdryolofo!!!
It's not necessary to remember that mess of letters. Run through the sentence to yourself as you type. My least technical users can do this and love it.
Is it perfect? NO! Are there recognizable words to dictionary attack? NO! Can a user remember and use this near-random password? YES! It's the best compromise between random passwords and usability I've found.
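The rule above as a small Python sketch, added here as an illustration and not part of the original post. The function names, the apostrophe handling, and the `min_length` value of 12 are assumptions; the second sample sentence is constructed to show a sentence that is too short.

```python
import re

# Assumption: a word is a run of letters and apostrophes; apostrophes are
# dropped before slicing, so "aren't" -> "ar" and "you're" -> "yo".
WORD = re.compile(r"[A-Za-z'\u2019]+")

def split_words(sentence):
    words = (re.sub(r"['\u2019]", "", w) for w in WORD.findall(sentence))
    return [w for w in words if w]

def derive(sentence, suffix="!!!"):
    """First two letters of each word, first letter capitalized, suffix added."""
    body = "".join(w[:2].lower() for w in split_words(sentence))
    return body[:1].upper() + body[1:] + suffix

def review(sentence, suffix="!!!", min_length=12):
    """Return (password, problems). min_length is a hypothetical policy value."""
    words = split_words(sentence)
    password = derive(sentence, suffix)
    problems = []
    if len(password) < min_length:
        problems.append(f"only {len(password)} characters; pick a longer sentence")
    one_letter = [w for w in words if len(w) == 1]
    if one_letter:
        problems.append(f"{len(one_letter)} one-letter word(s) add a single character each")
    if all(c.isalnum() for c in suffix):
        problems.append("suffix contains no punctuation")
    return password, problems

if __name__ == "__main__":
    samples = [
        "These aren't the droids you're looking for.",  # sentence from the post
        "I am here",                                    # constructed: too short
    ]
    for s in samples:
        password, problems = review(s)
        print(f"{s!r} -> {password}  {problems or 'ok'}")
```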