Originally Posted by
packetshard
I read (here maybe?) that someone recommended creating an email address specifically for user accounts and password resets and only using said email account for these purposes (not for regular correspondence, etc.). Also, maybe naming it something that doesn't identify with you or your name.
The other thing that helps is recognizing what makes a good password in the first place, particularly as it relates to how human memory works. Randall Munroe, who draws XKCD, nails it here:
http://xkcd.com/936/
Creating an email address specifically for password resets is one of the better ideas. It's floating out there generally, but doesn't get the attention it deserves. A separate email for each password would be ideal, but is not very practicable.
A few words strung together makes a great password. It should be impervious to a dictionary or brute force attack and is relatively easy to remember. There is the issue of using a unique password for each site, which cuts down on memorability, although you can use a general password with a unique portion for each site, such as MyLongPasswordForFT, MyLongPasswordForCiti, MyLongPasswordForTwitter.
xkcd is a high point of current western civilization.