A secure password must adhere to the following three principles:
Many security consultants (and other like-minded people) will also say that passwords should be unique. That is, you should have a different password for each account/system/location where a password is needed. I feel that 1 secure password is better than many "not so secure" passwords, but I will address this issue later in the how-to.
If we take all three principles together, it means that we need to make a password that is easy enough to remember (never written down, and unforgettable) but also appears to be a random string of characters (not predictable). The best way to do this is to start out with something you can remember, then run it through a simple algorithm (process) to convert it into what appears to be a completely random string.
Start with some trivial, easy to remember word(s) or name(s). It can be a name, a place, a color, a song lyric, whatever you want, just as long as it is something easy for you to remember.
Create a translation algorithm, a simple rule/set of rules, to convert your step 1 string into a secure string of random gibberish.
Throw in some "salt" - some seemingly random characters added to your step 2 string of characters to create a unique, easy to remember password. This step is usually optional, but can also be helpful in cases where you want a unique password for every account, or where you have to change your password every X number of days.
I know this seems very confusing, but once you have done it a few times, it becomes very easy. This is one reason why I regularly suggest AGAINST the "remember me" feature of many websites/browsers/etc. If you let the computer remember the password, you don't let your mind learn it. (Why is it again that we don't let students complete other students' homework?!)
The hardest part is coming up with a workable algorithm - you need to change your easy to remember string into something that appears completely random. Below are just a few examples to help you out. You can use one of these, or you can come up with your own.
Easy to remember word(s) or name(s) - Take a line from your favorite song or your favorite poem as your starting point. You could even use different songs for different accounts. For example, I might use "Money" by Pink Floyd for my financial accounts' password, "School's Out" by Alice Cooper for school accounts, and "The Letter" by The Box Tops for my email.
For my example, let's use the Alice Cooper song. One of my favorite lines in the song is "We can't even think of a word that rhymes".
Easy to remember algorithm - Now take only the first letter of each word.
WCETOAWDR
And then replace a few of the letters with a "look-alike" number, for example:
wc3to4wd8 (notice that I did every third letter, just as a way to help remember)
Add some salt - Throw in some things to make it "more" random. In this case, I would throw in a dash in place of the apostrophe.
wc-3to4wd8
Or let's say I know this is on an account where I will be forced to change my password every thirty days. I can throw in the month:
wc-APR-3to4wd8
Or let's say I want to use this as my "base" password for all my accounts, BUT I still want to make each account have a different password. I can use 3 letters of the account's name/website.
Usage - Now when I need to type my password, I don't have to remember some random string; I just have to remember the line "We can't even think of a word that rhymes" and my algorithm. Since I use the same algorithm for all my passwords, it is easy to remember. As I type the password, I just say my song lyric to myself.
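The first example's three steps in Python, as an added example that is not part of the original how-to. The sample phrase, the account name, uppercasing the account tag and placing it in the month's slot, and every look-alike digit other than e to 3 and a to 4 are assumptions.

```python
import re

# Look-alike digits: e->3 and a->4 follow the how-to's example; the rest are assumed.
LOOKALIKE = {"e": "3", "a": "4", "o": "0", "i": "1", "s": "5", "t": "7", "b": "8"}


def base_password(phrase: str) -> str:
    """Steps 1-2 plus the dash salt: take the first letter of each word, swap
    every third letter for a look-alike digit when one exists, and put a dash
    after the letter of any word that contained an apostrophe."""
    out = []
    words = re.findall(r"[a-z][a-z']*", phrase.lower())  # ignores punctuation
    for n, word in enumerate(words, start=1):
        letter = word[0]
        if n % 3 == 0:  # every third letter, counted before any salt is added
            letter = LOOKALIKE.get(letter, letter)
        out.append(letter)
        if "'" in word:
            out.append("-")
    return "".join(out)


def salted(phrase: str, tag: str = "") -> str:
    """Step 3: insert a three-letter tag (month or account name) at the dash."""
    base = base_password(phrase)
    if not tag:
        return base
    tag = tag[:3].upper()
    head, dash, tail = base.partition("-")
    if dash:
        return f"{head}-{tag}-{tail}"
    return f"{tag}-{base}"  # assumed fallback when the phrase has no apostrophe


# Constructed sample phrase, not taken from the how-to.
PHRASE = "It's a bright and early start to the day"

if __name__ == "__main__":
    print(salted(PHRASE))           # dash salt only
    print(salted(PHRASE, "April"))  # month tag for a forced 30-day change
    print(salted(PHRASE, "bank"))   # per-account tag (hypothetical account name)
```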
Easy to remember word(s) or name(s) - Let's pretend that my name was Anthony Douglas Smith. So I am going to take my middle name and the other two initials.
ADOUGLASS
Easy to remember algorithm - Using the keyboard, I am going to shift the letters to the left one place (I could do up/down/right or even 2 places, etc.).
sfpih:dd
Add some salt - Throw in some things to make it "more" random. You can use any of the ideas above, or here are some additional "salting" ideas.
One example (for the "math geeky" people) would be to throw in a number, but convert the base. Convert the "normal" number from base 10 to base 2, base 8 or base 16 for you computer nuts, or for you math and history nuts, try base 20 or base 60.
s0xAfpih:dd - Let's pretend that Anthony was born on the 10th. So we add 10 between the A and D, but we convert the 10 to base 16 (hexadecimal). 10 = 0xA
Or something a bit easier, maybe Anthony was born on March 10th.
s03fpih:d10d
Usage - This is why I think this would be great for touch-typists. When it comes time to enter your password, just shift your hands according to your algorithm. Now you just let your "muscle memory" type out the letters of your step 1 word(s).
I have given you two algorithm examples; both are very good at creating a random string that can be used as a password. Or, if you don't think you can use/remember my two examples, you can make up your own. The key is that when you are done, you should have a password that meets the three criteria: