/u/kinyutaka explains why using the word chicken 4 times in a row is a better password than your current passwords.

I think it's best to just incorporate the idea into things where you HAVE to remember it, and can't use a password manager. I like this site,

https://www.fourmilab.ch/javascrypt/pass_phrase.html

In the seed field, mash your keyboard for 10 seconds or so, go nuts, then generate. The point is that the words are truly random, and probably quite a few are uncommon. 6-8 words or so. If you pick and choose the words, it defeats the point for all the reasons you mentioned. For good measure throw in some random numbers or symbols anywhere in the string, even breaking up words.

Burn that into your memory, and secure your KeePass database. (Still doesn't seem to be anything else that is 100% free, open source, and user driven, no cloud etc... Especially if you use public computers with no admin rights or USB access.) Generate another, burn it into memory, secure your Gmail account, and enable 2-factor tokens. Then you can use truly random ~25+ char passwords of gibberish for things that matter. Especially for shitty sites that still have like a 12 character limit or something. If you point your accounts back to that Gmail address, you'll still have a very secure backdoor and layer of separation in the very unlikely event your kdb is cracked/lost. Same for the inverse in the unlikely event your Gmail is compromised.

I'd ideally suggest storing Gmail recovery codes printed out, an SD card backup of the kdb database, the KP binaries, and the passphrases offsite at your bank's safety deposit box. Print out the database onto paper for those less tech savvy, and have it all in an envelope. Realistically you're probably fine just keeping that stuff at your house in a firebox/safe, but hey, home robberies are still a thing and they're probably going to grab your lock box. Plus if you die tomorrow, your spouse/family will eventually get into your bank with a death certificate. If you have a note that says "Do X to get all of my online accounts" you're good.

It really all boils down to securing what you care about though. I have hundreds of accounts in my database right now, between random personal accounts, work, various servers, clients, etc... and I'm sure I'm not that unusual. That doesn't even include the stuff like Reddit, where I just use some simple re-used password because it ultimately doesn't matter. The problem with these phrases is that you're never going to remember all of them, and you're never going to be able to rapidly change them since your brain isn't going to like that very much. It's just going to lead people to the same password problem of re-using them across all of their accounts. All it takes is one site to get hacked, insecurely store the data, and they're back in the same spot.
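The comment's generation procedure (random words from a list, 6-8 of them, optionally with digits or symbols spliced in mid-word) can be done locally, and doing it in code makes the entropy argument concrete. The block below is an added example; it is not code from the commenter or from the fourmilab page, and it draws from the OS CSPRNG instead of a keyboard-mash seed. The WORDS list is a constructed 8-word stand-in so the block runs offline; the 7776-word figure used in `compare` is an assumption about the size of a real diceware-style list.

```python
"""Diceware-style passphrase generator with an entropy estimate (added example)."""
import math
import secrets
import string

# Constructed sample list so the block runs offline. It yields only 3 bits per
# word; a real list of ~7776 words (assumed size) yields ~12.9 bits per word.
WORDS = ["aardvark", "bramble", "cobalt", "drizzle",
         "ember", "fjord", "glacier", "hazel"]

SYMBOL_POOL = string.digits + string.punctuation  # 10 + 32 = 42 characters


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform draws from `pool_size` options."""
    return picks * math.log2(pool_size)


def generate_passphrase(words, n_words=6, separator=" ", extra_symbols=0):
    """Return (passphrase, estimated_bits).

    Words are drawn with the OS CSPRNG (the secrets module), never hand-picked:
    the entropy estimate only holds for uniform draws. Each extra symbol is a
    random character from SYMBOL_POOL spliced in at a random position (possibly
    mid-word); its contribution is log2(len(SYMBOL_POOL)) for the character plus
    log2(number of possible slots) for where it landed.
    """
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates; draws would not be uniform")
    chosen = [secrets.choice(words) for _ in range(n_words)]
    phrase = separator.join(chosen)
    bits = entropy_bits(len(words), n_words)
    for _ in range(extra_symbols):
        slots = len(phrase) + 1            # before, between or after any character
        pos = secrets.randbelow(slots)
        bits += math.log2(len(SYMBOL_POOL)) + math.log2(slots)
        phrase = phrase[:pos] + secrets.choice(SYMBOL_POOL) + phrase[pos:]
    return phrase, bits


def compare(words, n_words=6, password_len=12, alphabet=62):
    """Bits for an n_words passphrase versus a random password of password_len
    characters over `alphabet` symbols (62 = [A-Za-z0-9], the kind of
    character-limited password a site with a 12-character cap forces on you)."""
    return entropy_bits(len(words), n_words), entropy_bits(alphabet, password_len)


if __name__ == "__main__":
    phrase, bits = generate_passphrase(WORDS, n_words=6, extra_symbols=2)
    print(f"{phrase!r}: ~{bits:.1f} bits (toy list)")
    eff_bits, pw_bits = compare(range(7776), n_words=6)
    print(f"6 words from a 7776-word list: {eff_bits:.1f} bits; "
          f"12 random alphanumeric chars: {pw_bits:.1f} bits")
```

Six words from a 7776-word list come out to roughly 77.5 bits, above the ~71.5 bits of a fully random 12-character alphanumeric password, which is why a memorable phrase can beat the gibberish a length-capped site forces on you. The estimate is the entropy of the draw, not of the phrase text: choosing or reordering words by hand, or reusing the phrase, gives an attacker structure the estimate does not account for.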
