Having effective passwords for the myriad of sites that we need them for is getting harder. The best passwords are: long, not words, no pattern, include numbers, symbols and caps. We shouldn’t use the same one, or similar ones, twice, in case 1 gets compromised. And we should change them often.
Password cracking is getting easier all the time. This arstechnica article entitled Why passwords have never been weaker—and crackers have never been stronger goes into great detail, but the essence of it is:
The ancient art of password cracking has advanced further in the past five years than it did in the previous several decades combined. At the same time, the dangerous practice of password reuse has surged. The result: security provided by the average password in 2012 has never been weaker.
There are several reasons for this. For example, password breaches give hackers significant information about typical password patterns that help them create algorithms to crack other passwords.
My personal belief is that someday biometrics will be the answer to this – although there are huge issues to overcome before that can work effectively.
So what can we do? If a service offers 2 factor verification, consider using it. But using that is not permission to use a simple password.
Consider using password management software such as keepass, lastpass, 1password, or passwordsafe. Opinions on the relative merits of various products differ. Some are free, some are not. Some store the info locally, some in the cloud. Some are better than others at working across multiple devices (a necessity if, for example, you might access a particular service on your work desktop, home desktop, iPad, iPhone, Android phone, Microsoft phone, etc.)
Each one generates strong passwords, then stores and manages those. You do have to remember 1 strong password to use the service – but only 1.