You should frequently change your passwords, use strong passwords, and not use the same password for multiple services (only one point of failure where all your passwords get compromised rather than every such service being a point of failure). It’s not easy to live up to this in practice, but there are approximations that are much easier:
Using a password manager is better than using the same password for lots of services. Clipperz is a web service that does the encryption on your computer (so your passwords never get sent to the server), and can be installed locally. Alternatively, you can use a local application if you’re not worried about ever needing your passwords when you don’t have access to your computer. I currently try to get by with (a login password) + (passwords for particularly important online services like online banking) + (a password manager password).
If you balk at the inconvenience of regularly memorizing randomly-generated passwords, it’s better than nothing to come up with memorable phrases and take the first letter of each word to form your password. (Non-boring bonus advice: You can use phrases that remind you of something you want to do each time you log in to your computer, like looking at your todo list. [ETA: Never mind. I’ve now tried this twice, and both times entering the password has become automatic far too quickly, so it almost immediately stopped serving as a useful reminder.])
… or you can just store your KeePass database in Google Drive.
You can generate a very strong passphrase with Diceware. Physical dice are more secure than almost any electronic device, and dictionary words let you memorize the randomness very efficiently.
This can then be used with KeePass or some other password manager. Also useful for brainwallets and other kinds of data where offline attacks are likely.
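The Diceware lookup described above, as an added example that is not from the thread or the Diceware project: five rolls of a six-sided die select one of 6^5 = 7776 words, so each word adds about 12.9 bits of entropy. The 7776-word list is not embedded; a constructed stand-in (keys '11111'..'66666' mapped to placeholder tokens) is assumed so the code runs offline, and the crack-time figure assumes an offline attacker who knows the list and the word count.

```python
import itertools
import math
import secrets

LIST_SIZE = 6 ** 5                 # 7776 words, one per five-dice outcome
WORD_BITS = math.log2(LIST_SIZE)   # ~12.92 bits of entropy per word


def dice_to_key(rolls):
    """Five die results (each 1..6) -> Diceware key, e.g. (1, 3, 6, 2, 4) -> '13624'."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each in 1..6")
    return "".join(str(r) for r in rolls)


def demo_wordlist():
    """Constructed stand-in for the real list: every key maps to 'word<key>'.
    A real deployment would load the published 7776-line Diceware file instead."""
    keys = ("".join(d) for d in itertools.product("123456", repeat=5))
    return {k: "word" + k for k in keys}


def passphrase_from_rolls(all_rolls, wordlist):
    """Flat list of die results, five per word, -> space-separated passphrase.
    Physical dice are the thread's recommendation; this only does the lookup."""
    if not all_rolls or len(all_rolls) % 5:
        raise ValueError("number of rolls must be a positive multiple of 5")
    words = [wordlist[dice_to_key(all_rolls[i:i + 5])]
             for i in range(0, len(all_rolls), 5)]
    return " ".join(words)


def electronic_rolls(n_words):
    """Fallback when no dice are at hand: CSPRNG rolls via the secrets module."""
    return [secrets.randbelow(6) + 1 for _ in range(5 * n_words)]


def passphrase_entropy_bits(n_words):
    """Entropy of an n-word Diceware passphrase (uniform, independent words)."""
    return n_words * WORD_BITS


def expected_crack_seconds(n_words, guesses_per_second):
    """Expected time for an offline attacker who knows the list and word count:
    on average half the keyspace must be searched."""
    return (LIST_SIZE ** n_words / 2) / guesses_per_second
```

A six-word passphrase is about 77.5 bits; at 10^12 guesses per second that is still thousands of years on average, which is why the thread recommends it for data exposed to offline attacks.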
I like the approach of password recipes to have a unique password for each service without needing to memorize very much.
“Furthermore, your unique password should not contain any word in any language.”—ahem...
The purpose of that suggestion is to protect against dictionary attacks. Agreed that the advice “should not contain any word in any language” is overly strict (better advice would be “should not simply be one or two words in some language”).
Regardless, password recipes are a solution for the problem of coming up with a different password for different services. Even using the technique in the comic to remember phrases like “correct horse battery staple”, it would be difficult to remember a different password for dozens of services compared to just remembering a single password recipe.