EDIT (10-19-2015): added: why xkcd's post can't be taken into consideration. https://bbs.archlinux.org/viewtopic.php?pid=1375311#p1375311

The first thing I do is to take note of a song I like. For this demonstration, let's say this song is ABBA's song called "Lay all your love on me" (I really like this song).

Next I scan the song's lyrics and try to find a good phrase. Let's say this is the phrase:

Code:
Don't go wasting your devotion

Here's where all the magic is done. First, I change some of the letters to capitals, like this:

Code:
dONtgOwaSTInGYoUREemotIONs

Next, I change some of the letters to numbers so there aren't many repetitions:

Code:
d0NTgOw4STInGYoUR3Emot1ONs

At this part you might think "this is good enough". To some extent, yes it is; however, this kind of passphrase wouldn't stand long against a dictionary attack that takes "l33t sp34k1ng" into consideration. So if you think you're a valuable target that might suffer a brute-force or dictionary attack, don't stop here.

Next comes the fun part: symbols. I LOVE to use symbols in my passphrases because they make them look so complicated and pretty! However, you must know that just replacing letters/numbers with symbols will also make your passphrase fall under a good attack. So, here's what I would do to this passphrase:

Code:
#$d0N'T-gO(w@$T1nG+YoURrrR_)Emot!OnS!!!:D

See what I did there?

* It's easy to remember the topic since it's a song I really like;
* It's a good passphrase;
* It's not as hard to remember as a true random passphrase;

You can make the passphrase longer or shorter depending on how good your memory is. If you type this passphrase a few times (around 10 works for me) you probably will remember it. It's not so random to the point where you must type it 100 times to remember it; yet it is complex enough to make a good passphrase that would probably stand up to an attack for millions of years, even if all current computational power was devoted to "crack" it.
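As an added example (not part of the post above, and not a tool the forum author used), the script below takes the four stages of the passphrase exactly as written in the post and reports, for each one, its length, the printable-ASCII character classes it draws on, the resulting alphabet size, the exhaustive-search keyspace in bits, and how many years an attacker would need to try every string at an assumed rate of 1e12 guesses per second. The guess rate and the class sizes (26 + 26 + 10 + 33 = 95 printable ASCII characters) are assumptions made for the calculation.

```python
import math

# Constructed sample: the four stages of the passphrase quoted from the post
# above (the strings are copied from the post, not freshly invented).
STAGES = [
    ("lyric phrase", "Don't go wasting your devotion"),
    ("mixed case", "dONtgOwaSTInGYoUREemotIONs"),
    ("digits swapped in", "d0NTgOw4STInGYoUR3Emot1ONs"),
    ("symbols added", "#$d0N'T-gO(w@$T1nG+YoURrrR_)Emot!OnS!!!:D"),
]

# Printable-ASCII character classes and their sizes: 26 + 26 + 10 + 33 = 95.
# Space counts as a symbol here (assumption for the calculation).
CHAR_CLASSES = (
    ("lower", lambda c: c.islower(), 26),
    ("upper", lambda c: c.isupper(), 26),
    ("digit", lambda c: c.isdigit(), 10),
    ("symbol", lambda c: c.isprintable() and not c.isalnum(), 33),
)

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def classes_used(pw):
    """Names of the character classes that actually appear in pw."""
    return [name for name, pred, _ in CHAR_CLASSES if any(pred(c) for c in pw)]


def alphabet_size(pw):
    """Size of the smallest class-based alphabet containing every char of pw."""
    return sum(size for _, pred, size in CHAR_CLASSES if any(pred(c) for c in pw))


def brute_force_bits(pw):
    """log2 of the exhaustive keyspace. This is an upper bound: it assumes the
    attacker knows only the length and character classes, nothing about lyrics
    or common substitutions, which is exactly the assumption the post warns
    against for the middle stages."""
    return len(pw) * math.log2(alphabet_size(pw))


def years_to_exhaust(pw, guesses_per_second):
    """Years needed to try every string in the keyspace at a constant rate."""
    return alphabet_size(pw) ** len(pw) / guesses_per_second / SECONDS_PER_YEAR


def report(stages=STAGES, guesses_per_second=1e12):
    """One summary row per stage; guesses_per_second is an assumed figure."""
    rows = []
    for label, pw in stages:
        rows.append({
            "stage": label,
            "length": len(pw),
            "classes": classes_used(pw),
            "alphabet": alphabet_size(pw),
            "bits": round(brute_force_bits(pw), 1),
            "years_at_rate": years_to_exhaust(pw, guesses_per_second),
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(f"{row['stage']:>18}: len={row['length']:2d} "
              f"alphabet={row['alphabet']:2d} bits={row['bits']:6.1f} "
              f"years@1e12/s={row['years_at_rate']:.2e}")
```

Two things the numbers make visible. First, the raw lyric scores more bits than the mixed-case and digit-swapped versions simply because it is longer and contains spaces; length does more for the exhaustive-search bound than swapping in a digit or two. Second, and this is the post's own point, the bound is only meaningful when the attacker has nothing better than exhaustive search: a wordlist plus case and "l33t" substitution rules covers the first three stages in a space many orders of magnitude smaller than these figures, so only the final stage's bits should be read as anything close to its real strength.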