A thought provoking article via Lifehacker on why a different approach to a random password might be better. I have not done the maths on this so offer no opinion on whether it is better or not, but I shall certainly think about it. One potential downside is that individuals creating their own phrases are likely to fall back on the same one repeatedly, whilst the phrase might be hard to crack you are then vulnerable if someone cracks a site’s security and that password gets into the public domain (as happened at Lifehacker). Varying the phrase solves that but you lose memorabilty again. I use a secure password store with a random password generator built in. The password to the store is a phrase which has been subjected to a mathematical process so that I can recreate if necessary …. but I use it so often that is no longer a problem.