Recently, there has been a fair amount of discussion about password security, in particular the question of what makes a good password. (See this post, and this discussion of it.)

But that discussion largely misses the biggest problem in password protection.

Namely, the big problem is having too many logins. To be secure, you want a different password for every site you log into. That way, if one site's server is compromised, as Gawker's was, the attackers don't get a password that also opens your accounts everywhere else; replaying credentials leaked from one breach against other sites is the first thing they try.

One suggestion is to use pass phrases instead of passwords. Several real words in a phrase are harder to guess than a single word alone (simply: increased length → more possible combinations → increased security), and a phrase is easier to remember than a string of random letters, numbers and symbols. The caveat is that the length only counts if the words are chosen unpredictably: a well-known quotation is one guess out of a list of quotations, however many characters it has. Amazon has implemented a system, PayPhrase, to take advantage of this fact. (See this MIT Technology Review article on PayPhrase.)
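To make the "length means security" claim concrete, here is an added example that is not code from the original post, from Amazon or from PayPhrase. It scores a few password schemes by their guess space in bits of entropy, and it scores a quotation as a single pick from a list of quotations rather than by its character count, which is the caveat above. The alphabet size, the Diceware list size, the 10,000-entry quotation corpus and the guessing rate are all assumptions chosen for illustration.

```python
import math
import secrets

# Assumed sizes for the comparison; none of these figures come from the post.
PRINTABLE_CHARS = 94           # ASCII printable characters, space excluded
DICEWARE_WORDS = 7776          # entries in the classic Diceware list (6**5)
QUOTATION_CORPUS = 10_000      # assumed size of a "famous phrases" list an attacker has
GUESSES_PER_SECOND = 1e10      # assumed offline rate against a fast, unsalted hash


def entropy_bits(choices: int, picks: int = 1) -> float:
    """Bits of entropy in a secret made of `picks` independent, uniform picks
    from `choices` equally likely options.  Length only helps through `picks`;
    a secret copied from a known list is a single pick from that list."""
    return picks * math.log2(choices)


def worst_case_seconds(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Time to enumerate the whole space at `rate` guesses per second."""
    return 2 ** bits / rate


def compare_schemes() -> dict:
    """Entropy, in bits, of several ways to build a password."""
    return {
        "8 random printable characters": entropy_bits(PRINTABLE_CHARS, 8),
        "5 random Diceware words": entropy_bits(DICEWARE_WORDS, 5),
        "1 dictionary word + 4 digits": entropy_bits(DICEWARE_WORDS) + entropy_bits(10, 4),
        # Forty characters long, but chosen from a list of 10,000 known quotations:
        # the attacker tries the list, not every 40-character string.
        "famous quotation": entropy_bits(QUOTATION_CORPUS),
    }


def random_passphrase(wordlist, n_words: int) -> str:
    """Pick `n_words` words uniformly with a CSPRNG.  This is what gives the
    passphrase the entropy computed above; random.choice would not do."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    for name, bits in compare_schemes().items():
        years = worst_case_seconds(bits) / (365 * 24 * 3600)
        print(f"{name:32s} {bits:6.1f} bits  ~{years:.2e} years to exhaust")
    # Constructed toy word list; a real list has thousands of entries.
    print(random_passphrase(["correct", "horse", "battery", "staple", "lamp", "river"], 5))
```

Five random Diceware words come out ahead of eight random printable characters (about 65 bits against 52), while a dictionary word with a four-digit suffix sits near 26 bits and a quotation near 13, regardless of its length. The ordering is what matters here; the absolute years depend entirely on the assumed guessing rate and on how the site hashes passwords.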

Even if the passwords are phrases that can be remembered, it is still very difficult to remember dozens of different phrases and which phrase goes with which site. Ultimately, you end up with the same problem as before.

"Tricks" like incrementing a number at the end of an otherwise strong password are just as susceptible. First, you have to remember which number goes with which site. Second, an attacker who obtains one of the passwords has a template for the others: bumping the trailing number or swapping one site's name for another takes a handful of guesses, not a brute-force search.
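As an added illustration, not from the original post, here is how cheaply an attacker turns one leaked password into guesses for the same person's other accounts. The leaked values and site names are constructed; the two transformations, bumping a trailing number and swapping the site name, are the obvious ones, and real cracking tools apply long lists of such mangling rules.

```python
import re
from typing import List, Optional


def derive_candidates(leaked: str, leaked_site: str, target_site: str,
                      span: int = 20) -> List[str]:
    """Guesses for `target_site` derived from one password leaked at `leaked_site`.

    Two cheap transformations, in the order an attacker would try them:
      1. swap the leaked site's name for the target's (common casings)
      2. bump a trailing number up or down, nearest values first
    """
    candidates: List[str] = []

    def add(guess: str) -> None:
        if guess != leaked and guess not in candidates:
            candidates.append(guess)

    for old, new in ((leaked_site.lower(), target_site.lower()),
                     (leaked_site.capitalize(), target_site.capitalize()),
                     (leaked_site.upper(), target_site.upper())):
        if old and old in leaked:
            add(leaked.replace(old, new))

    # stem, trailing run of digits, any non-digit symbols after it
    m = re.match(r"^(.*?)(\d+)(\D*)$", leaked)
    if m:
        stem, digits, tail = m.groups()
        n, width = int(digits), len(digits)
        for step in range(1, span + 1):
            for value in (n + step, n - step):
                if value >= 0:
                    # keep the zero padding, so "01" becomes "02", not "2"
                    add(f"{stem}{value:0{width}d}{tail}")
    return candidates


def guesses_needed(candidates: List[str], actual: str) -> Optional[int]:
    """1-based number of guesses until `actual` is found, or None if it never is."""
    try:
        return candidates.index(actual) + 1
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed example: a password leaked in one breach and the same
    # person's "incremented" password on another site.
    leaked = "Summer2011!"
    guesses = derive_candidates(leaked, "gawker", "amazon")
    print(len(guesses), "candidates; Summer2012! found at guess",
          guesses_needed(guesses, "Summer2012!"))
```

With the leaked `Summer2011!`, the target's `Summer2012!` is the very first candidate; the whole list is forty entries, which is nothing compared with the guess space a genuinely independent password would require.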

The best solution I found was to use a password manager like 1Password or KeePass. I use 1Password, and it creates and stores a different, strong password for each login. Lifehacker has an excellent explanation of why this is the best of the available options.