(Geek challenge! Name the movie and the TV show that are the source of two of the passwords on the list.)
So, in the interests of doing my part to halt the usage of easily hacked passwords, I thought I would share my password system. And some links, if you want to try it, too.
The tools you'll need:
KeePass will generate random passwords, includes keyboard shortcuts to copy passwords (and then clear the clipboard after a set amount of time), and stores everything in an encrypted file using one- or two- factor authentication. Whenever I create an account on a website, I fire up KeePass and generate a random password for it. (Sample password: Egz0B2GC4pZf2u5VBVYi)
So now I've got an encrypted file, accessible only via the KeePass application using my master password (and/or a keyfile). But I want to access that file from anywhere! Enter ... the Dropbox.
It's a box. For dropping.
Dropbox has added some policy updates of late that have made me a little nervous, but I'm still OK using their service to store encrypted data. Simply place your encrypted file in your free Dropbox folder, and now you can access it from any computer, phone, tablet, or computerized llama you use. (Note: Dropbox may not yet be compatible with computerized llamas.)
Finally, for the lazy (like myself), Google Chrome can help with your all new fully random and completely nonsensical passwords. (You know, the ones you'll never, ever remember.) Chrome will remember passwords just like most modern browsers, but, in a twist, will also let you sync that data across all your Chrome installations.
Score! Your information is encrypted on Google's servers, too!
Before and after time! Before, I was using one or two passwords on every site. And frequently the same username. These passwords, while not dictionary words, were also not the most secure. I did this primarily because 1) I needed passwords I could remember because 2) writing them down is a Pretty Bad IdeaTM.
Now, every account I have has a different password (though usually still the same username), but I only have to remember two - my KeePass file's master password and my Dropbox password. The second is not strictly necessary, unless you ever want to access your password file from a computer that is not your own. (Bonus protip: throw the KeePass installer in there, too. It's small.)
Yes, using a password store takes just a little more time and effort, but, with the number of security leaks in the news, and the lists of accounts available in the seedier parts of the Internet, it may well be worth it to keep your accounts secure. Added comedy trope bonus: tell people your password is so secure, you don't even know it.