jandrese 3 hours ago

IMHO there are two requirements for a good password:

1. It must be hard for a computer to guess.

2. It must be easy for a human to remember. If you cannot set a secure password and then remember it a week later, it is a bad password.

This is why I really hate overly strict password requirements that make it hard to remember. These cause people to write it down or do things that appease the password checker but don't make it harder to guess.

slashdave 2 hours ago

3. Saved in a password manager

Delk an hour ago

That replaces number two and is the correct alternative in most cases.

There are cases where a password manager may not solve the problem, though. It doesn't help if I forget my disk encryption or work AD password and I need to be able to log in before I can get to the password manager in the first place. Enterprise IT is also where you find some of those frustrating password policies, such as long and complex passwords with mandated changes every month or two, and where you usually can't choose your management tools.

Of course those particular passwords usually get typed so often that remembering them isn't much of a problem. And password managers work well for pretty much all secrets that aren't needed that often.

slashdave 13 minutes ago

Yeah. I've been in the habit of keeping the (encrypted) password file in multiple places. So I can even get the password off my phone if I really need to.

Although: be careful of cloud solutions.

jandrese 36 minutes ago

Until you need to log in some place and don't have access to your password manager.