The REAL way to create strong passwords

in security •  8 years ago 

Recently another Steem user, @avecaeser, posted this story on how to produce a strong, unforgettable and unique password. They actually succeeded on the unforgettable and unique points but certainly not on the strong point.

Just because a password is long does not mean it is strong

What is important is how many combinations an attacker would have to try in order to break the password. Unfortunately, the scheme that @avecaesar suggested actually cuts down the number of combinations. Why?

  • the numbers come from very limited ranges: 12 possibilities for the month, 31 possibilities for the day, and, say, 80 (maximum) possibilities for the year of birth.
  • the & is always in the same position. This is only 1 possibility!
  • the date of birth of a person is fairly easily discovered by a hacker and gives them half the password already
  • now all they need to do is find out the nickname the person had in high school!

I am truly not trying to be confrontational with @avecaeser but I think it is important for the community that they understand why certain passwords are safer than others.

The only true way to maintain security is for the password to be unguessable. For it to be unguessable it really needs to be random. Now this does make it hard to remember, but it's the price of security.

What I would actually suggest is using a password manager such as 1Password, which encrypts all your other passwords behind a single password.
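To put numbers on the argument above, here is an added example (not code from the original post) that counts the combinations in the date-plus-nickname scheme using the ranges listed in the post, and compares them with a random password drawn from a CSPRNG. The nickname wordlist size, the 16-character length and the 94-symbol alphabet are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Component sizes taken from the post: month, day, year of birth, fixed '&'.
MONTHS, DAYS, YEARS, AMPERSAND = 12, 31, 80, 1
# Assumption (not from the post): how many candidate nicknames a wordlist holds.
NICKNAME_GUESSES = 100_000
# Assumption: printable ASCII letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def bits(combinations: int) -> float:
    """Entropy in bits if the secret is picked uniformly from this many options."""
    return math.log2(combinations)


def scheme_combinations(dob_known: bool, nicknames: int = NICKNAME_GUESSES) -> int:
    """Combinations an attacker must cover for the date-plus-nickname scheme."""
    # If the date of birth is already known, the date part collapses to 1 option.
    date_part = 1 if dob_known else MONTHS * DAYS * YEARS
    return date_part * AMPERSAND * nicknames


def random_combinations(length: int, alphabet: str = ALPHABET) -> int:
    """Combinations for a password whose every character is chosen at random."""
    return len(alphabet) ** length


def random_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """Generate a password with the OS CSPRNG (secrets), not the random module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    rows = [
        ("date part only", MONTHS * DAYS * YEARS),
        ("scheme, date of birth unknown", scheme_combinations(False)),
        ("scheme, date of birth known", scheme_combinations(True)),
        ("16 random characters", random_combinations(16)),
    ]
    for label, count in rows:
        print(f"{label:32s} {count:.3e} combinations  ~{bits(count):6.1f} bits")
    print("example random password:", random_password())
```

The length of the scheme's output never enters the calculation; only the number of choices behind each component does.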

  ·  8 years ago (edited)

Yep, that's certainly much more secure!

I get my nerd rage on when sites tell me I need to use one capital letter and one number in my password. I just think "Great, any other rules you'd like to give to the hacker trying to crack this? Now any brute force OR dictionary attack has far fewer options to check! Good job Admin team."

"Great, any other rules you'd like to give to the hacker trying to crack this" was priceless :-)
