Like most of you, I've had many different passwords I have had to remember over the years. Some professional (network, servers, applications), and some personal (facebook, twitter, online banking). Up until about a year ago, I thought I had a fairly secure system for managing my passwords for all these different things: I had 3 different passwords memorized, and would pick one at random. Each one was fairly complex (letters and numbers), but none would stand up to a brute-force or dictionary attack. The downside to this method is that when I would go back to a site I haven't visited in a while, I would have to guess which password I used - not so handy, but manageable when there are only 3 options. In some cases, I would have to modify one of them to meet required password complexity rules, such as including a non-alpha character, which would only serve to confuse me more (and often resulted in clicking the "Forgotten Password" link).