We used a scheme for system access that one could only access the system from THEIR laptop (something they have) and with THEIR password (something they know. And it was different than their laptop password).

 

something they know[

One of the biggest problems is that most people don't know.
So they let their pc or laptop remember it for them.

 

Old but appropriate

 

"I start with a sentence I can easily remember..."

My problem with this method is that I have probably as many as 3 dozen accounts requiring passwords, and I acquire new such accounts at a rate of maybe about once a month.

If I follow the guidelines of using a separate password for each account, and if I regularly change passwords, then how am I, as an average person with only an average memory, going to "easily remember" hundreds of sentences, as well as which of those hundreds of sentences I used for any given account?

Even if I were to rotate passwords among my existing accounts, there's no practical way I'll be able to remember which of my 3 dozen "easily remembered" phrases is currently in use for any given account. Some accounts will lock me out if I make 5 or so failed access attempts, also.

The best solution I've found so far is to write my passwords down in a computer file and encrypt that file with one password, and for that, I do use an easily remembered password.

 

Hello davebee,

For keeping the passwords, there is a little program keepass:
http://keepass.info/
You will need a "master password" to enter the program and it can fill-in the username and passwords in the site.

Bertus

 

There's also PWSafe, which apparently does the same thing as KeePass. (With a less suggestive name ) It's also a free solution.
http://passwordsafe.sourceforge.net

 

Thanks, bertus and djsfantasi; those both look good.