Here is an alternate solution to strong passwords. Come up with a small strong password that is easy to remember. Let say your root password phrase is ‘camelot’. Now come up with a consistent ciphering algorithm.
For example, replace all A’s with @ or all O’s with zeros etc. Capitalize every third letter.

Now, your root password becomes something like ‘c@Mel0t’. Now for each site either prefix or suffix the site name and apply the same ciphering algorithm.

So, if you visit www.google.com, you end up with a password like ‘g00glEc@Mel0t’.

Use this approach to create more replacements or change to rules so you come up with your own. One thing a lot of people might point out though is someone who has access to one password now knows your root password and hence can guess the passwords to all sites. This isn’t entirely true. A lot depends on your scheme. For example, if I need a yahoo password using the scheme above, it becomes ‘y@H00C@mEl0T’. Since the rule was to capitalize every third letter, the root password differs from the google one. Also, since you come up with the rules, you can make them as complicated as you need. For example, capitalize the 3rd letter, if the 3rd letter matches your cipher don’t go the cipher. Using this rule. Your google password becomes ‘g0OglEc@MelOt’ and yahoo becomes ‘y@H00C@mEl0T’. The your google password now starts with ‘g-zero-caps o’ as opposed to ‘g-zero-zero’.

Lets hear your innovate ways to password management sans software.

I use SuperGenPass. This cool little javascript is a bookmarklet that can be run on any site you visit to generate a unique password. It uses a combination of a user provided password and the site domain name to generate a strong unique password.

One advantage is that I only need to remember one password to generate unique passwords for any site. Also, the unique password is the same throughout the domain. Another advantage is that I don’t need internet access to generate the password since the javascript is run locally rather than remotely. So I have access to my passwords even if I am not online.

There are some shortcomings as well. One quite serious issue is that it currently does not use special characters to generate passwords. Special characters in passwords make it exponentially harder to break rather than just using letters and numbers. Another problem is that certain sites have limitation on passwords; ie. no longer than 8 characters or disallow certain characters etc. This means that the generated password will need to be modified to work for the site which makes it harder for you the remember it when you revisit. This really is a site issue and not a supergenpass issue. Sites should not restrict passwords, especially strong passwords. It also seems like it is possible for a site to get access to your private password even though the javascript is run locally. You can read about that particular issue here

A combination of SuperGenPass and Lastpass is possibly the ideal solution. Run supergenpass on a site you trust to generate your password. Enter the password on the desired site and sign up. Let lastpass remember that password for future use.