Using a password manager is not merely convenient, it’s an effective way to adopt better security practices without too much stress. It basically sums up to: 1) never re-use the same password, 2) use strong passwords.

But could you gauge the strength of your passwords? Can you easily determine how much entropy they contain?

I find this idea from Ka-Ping Yee very compelling.

What if, instead of treating memorability as the constant and strength as the variable, we treat strength as the constant and memorability as the variable? Suppose we have the computer choose a completely random password, to guarantee good password entropy. The phrase-based technique shows that a phrase can be turned into a random-looking jumble of letters and numbers. With a sufficiently large word list and a basic knowledge of grammar, can a computer turn a truly random jumble of letters and numbers into a memorable phrase?