They're easy to remember yet hard to crack
Like many other companies, my company requires complex passwords that need to be changed more often than users would like. My suggestion to users has been to pick a passphrase—that is, a sentence or a phrase—rather than a password. A sentence is fairly easy to remember because we as humans do something called data chunking that lets us remember a group, or chunk, of related data.
While passphrases are inherently easier for humans to remember, passphrases are complex for computers because sentences have capital letters, spaces, punctuation, and sometimes even numbers. The longer length of passphrases also helps. Even something short like Go Huskies! is 11 characters with three types of characters.
Inspiring phrases, funny sayings, bible verses, lists, and even a line of code can all be good passphrases. Just like with passwords, though, you want to avoid easy-to-guess passphrases such as those containing personal information or famous quotes.
If you'd like to learn more about passphrases, Microsoft published the three-part series “The Great Debates: Pass Phrases vs. Password,” which has a lot of helpful information. You can find the first part of this series at technet.microsoft.com/en-us/library/cc512613.aspx.