James and others have given their schemes for passwords in previous posts. I thought I'd just throw this out there.

One of the problems I have when I have to change passwords in an application or web site, particularly one that does not allow me to re-use a password, is making them recoverable. James published his scheme, which I have used, which is <my passphrase> # whatever. That's not too bad, but I can't ever remember which number I am on, and if the phrase changes I have no way to recover it. Also, if I stick the number someplace to remember the iteration, anyone who has ever learned the phrase can hack me. It really reduces the validity of the password to just a 2 digit number.

So, I was helping my middle-school daughter review for a social studies quiz. And, I came up with this.

Pick some fairly obscure event... say the date of the signing of the treaty of Guadalupe Hidalgo on Feb 2, 1848. Now, I make a password with the date and the initials of the event, like 22GH1848. If I need a hint, I can make a sticky note that says "Guad" and that will trigger what I need to look up in Wikipedia.

This gives a non-dictionary, letter and number password that is recoverable. And, I'll bet if you overheard me say "my e-Bay password is the signing of the treaty of Guadalupe Hidalgo" you would not remember it long enough to look it up, even if you knew the underlying scheme.

Similarly, for PIN numbers, pick something like some physical constant like Planck's constant of 6.626 and use those numbers. The numbers may float away like dandelion seeds, but the recovery is but a smartphone click away, and it's a lot more obscure than your daughter's birthday.


David Grauman MD
Department of Medicine
Commonwealth Health Center
Saipan, Northern Mariana Islands
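Editor's note: as an added illustration (not part of the post above), the following Python builds a password exactly the way the scheme describes, month, day, initials of the event name, four-digit year, and then estimates how much guessing work the scheme leaves an attacker who knows its shape, compared with a random password of the same length. The event, the year range and the 62-character alphabet are assumptions chosen for the example.

```python
import math
from datetime import date

# Constructed sample from the post: Treaty of Guadalupe Hidalgo, 2 Feb 1848.
EVENT_NAME = "Guadalupe Hidalgo"
EVENT_DATE = date(1848, 2, 2)


def derive_password(event_name: str, when: date) -> str:
    """Month and day (no zero padding), the initials of the capitalised
    words in the event name, then the four-digit year: 22GH1848."""
    initials = "".join(w[0] for w in event_name.split() if w[0].isupper())
    return f"{when.month}{when.day}{initials}{when.year}"


def scheme_keyspace_bits(years: int = 500, initials_len: int = 2) -> float:
    """Search space if the scheme is known: any calendar date within an
    assumed window of `years` years plus `initials_len` uppercase letters.
    The event itself does not add entropy once the date is enumerated."""
    combos = 366 * years * 26 ** initials_len
    return math.log2(combos)


def random_keyspace_bits(length: int, alphabet_size: int = 62) -> float:
    """Search space of a uniformly random password of the same length
    over an assumed alphabet (62 = upper, lower, digits)."""
    return length * math.log2(alphabet_size)


def compare(event_name: str = EVENT_NAME, when: date = EVENT_DATE) -> dict:
    """Summarise the derived password against a random one of equal length."""
    pw = derive_password(event_name, when)
    return {
        "password": pw,
        "scheme_bits": round(scheme_keyspace_bits(), 1),
        "random_bits": round(random_keyspace_bits(len(pw)), 1),
    }


if __name__ == "__main__":
    summary = compare()
    print(f"derived password : {summary['password']}")
    print(f"known-scheme bits: {summary['scheme_bits']}")
    print(f"random-equiv bits: {summary['random_bits']}")
```

The comparison makes the trade-off visible: the date-plus-initials structure that makes the password recoverable also shrinks the space an informed guesser must search to well under that of a random string of the same length.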