Having had the fearful experience of my current account being emptied by a suspected phishing expedition - the money was refunded by PayPal - I was told to have different passwords for different accounts in future, to make it more difficult for this to happen again. Fortunately, the thief was greedy and wanted all of my ready cash, making the transaction extremely suspicious. Greed and stupidity make excellent bedfellows.
PayPal realizes that people do not take this elementary precaution because it is difficult to remember a lot of passwords. Moreover, PayPal offers no secure online password storage system to help with this all-important issue.
The passwords that are hardest to guess are randomly generated ones, but this also makes them the hardest to remember.
The solution is a system for generating passwords, so long as no one else can guess your system. So long as the system is not online-based, no one should be able to guess it and thus be able to calculate any of your passwords from it.
Effective passwords should be a mixture of upper- and lower-case letters along with numbers so that they do not - paradoxically - resemble words. The most effective passwords are, therefore, not words, but a jumble of letters and numbers that still must make some sense to the user - and only the user. Logic dictates, therefore, that a pass-phrase should be used.
I use a two-word phrase, not in English to make it even harder to guess, and write this without a space:
- "LetsGo" uses camel-case, so it fulfills the criteria for using upper- and lower-case characters;
- "9LetsGo" adds a number - choose any number and stick with it - so that the password becomes alphanumeric, making it stronger;
- "9LetsGoIG" adds an abbreviation in qualifying upper-case letters that indicates the purpose for which the password is to be used. In this case, the iGoogle (IG) Website.
In this way, the password is:
- very strong;
- modifiable for any use; yet,
- easier to remember than any randomly-generated password.
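The scheme above can be written out and measured, which shows how much of each password depends on the condition that no one else can guess the system. This is an added example, not part of the original post: the function names and the site tags "PP" and "EB" are assumptions, and the bit counts assume uniformly chosen characters.

```python
import math
import os

def build_password(number, words, site_tag):
    """Assemble number + CamelCase phrase + upper-case site tag, as in the post."""
    camel = "".join(w[:1].upper() + w[1:].lower() for w in words)
    return f"{number}{camel}{site_tag.upper()}"

def character_classes(password):
    """Report which of the post's required character classes are present."""
    return {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
    }

def shared_base(passwords):
    """Return the leading part that is identical in every password."""
    return os.path.commonprefix(list(passwords))

def per_site_bits(tag_length, alphabet_size=26):
    """Bits contributed by the only part that differs per site (upper-case tag)."""
    return tag_length * math.log2(alphabet_size)

def random_bits(length, alphabet_size=62):
    """Bits in a uniformly random password over letters and digits."""
    return length * math.log2(alphabet_size)

# Constructed sample: "IG" is the post's tag; "PP" and "EB" are made-up tags.
SITES = ["IG", "PP", "EB"]
PASSWORDS = {tag: build_password(9, ["lets", "go"], tag) for tag in SITES}

if __name__ == "__main__":
    for tag, pw in PASSWORDS.items():
        print(tag, pw, character_classes(pw))
    base = shared_base(PASSWORDS.values())
    print("shared base:", base, f"({len(base)} of {len(PASSWORDS['IG'])} characters)")
    print(f"per-site part: {per_site_bits(2):.1f} bits")
    print(f"random 9-character password: {random_bits(9):.1f} bits")
```

Every password passes the upper/lower/digit check, but seven of the nine characters are the same on every site, so the difference between accounts rests on the two-letter tag alone.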