Here is one suggestion for sites that pain us with password requirements: So the next time I log in, instead of telling me how to reset my password, JUST SHOW ME THE CONDITIONS YOU HAD ON THE PASSWORD WHEN I SIGNED UP, RIGHT WHEN I STRUGGLE TO REMEMBER MY PASSWORD.
When can we start seeing regular services using client authentication using asymmetric keys?
You only really need 1 keypair per identity, you can store it locally on your machine, and use a single password to encrypt the private key.
Password-less authentication is available, see LaunchKey (https://launchkey.com). Start implementing and demand alternatives! The password manager User Experience is horrible, and LastPass just had a major security issue. Protecting passwords with passwords isn't the solution. Disclosure: I am a co-founder of LaunchKey.
You can always try the crossword approach. Print out a grid of random characters, probably 20x20 or 25x25 and make sure it is small enough to fold up and put in your pocket.
With this in hand, simply remember starting and ending points on that page to create passwords. You don't necessarily have to go in straight lines either.
This approach works well if you have a stronger memory for visual-spatial tasks.
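The grid approach in the comment above, as an added example that is not part of the original thread: it fills the sheet from the OS CSPRNG, reads a password along a remembered line, and compares the guessing entropy while the sheet stays private with what is left once someone has seen it. The 62-character alphabet, the restriction to straight-line paths and the assumption that the attacker knows the password length are choices made for this example.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed character set, 62 symbols
# The eight straight-line directions as (row step, column step).
DIRECTIONS = [(-1, -1), (-1, 0), (-1, 1), (0, -1), (0, 1), (1, -1), (1, 0), (1, 1)]

def make_grid(size=20):
    """Fill a size x size grid from the OS CSPRNG (not the random module)."""
    return [[secrets.choice(ALPHABET) for _ in range(size)] for _ in range(size)]

def read_path(grid, start, end):
    """Return the characters on the straight line from start to end, inclusive."""
    (r0, c0), (r1, c1) = start, end
    size = len(grid)
    for r, c in (start, end):
        if not (0 <= r < size and 0 <= c < size):
            raise ValueError("point outside the grid")
    dr, dc = r1 - r0, c1 - c0
    if (dr, dc) == (0, 0) or not (dr == 0 or dc == 0 or abs(dr) == abs(dc)):
        raise ValueError("start and end must share a row, column or diagonal")
    steps = max(abs(dr), abs(dc))
    sr, sc = dr // steps, dc // steps
    return "".join(grid[r0 + i * sr][c0 + i * sc] for i in range(steps + 1))

def count_straight_paths(size, length):
    """Number of (start, direction) choices that fit a path of this length."""
    if length < 2:
        return size * size  # a single cell has no direction
    total = 0
    for dr, dc in DIRECTIONS:
        rows = size - (length - 1) * abs(dr)
        cols = size - (length - 1) * abs(dc)
        if rows > 0 and cols > 0:
            total += rows * cols
    return total

def bits_if_sheet_is_seen(size, length):
    """Upper bound on guessing entropy once an attacker holds a copy of the sheet."""
    return math.log2(count_straight_paths(size, length))

def bits_if_sheet_is_secret(length):
    """Entropy of the same password while the grid itself is unknown."""
    return length * math.log2(len(ALPHABET))
```

For a 20x20 sheet and a 12-character straight path, the password carries about 71 bits while the sheet is private but only about 10 bits once the sheet is photographed or lost, so treat the paper like a key and rotate the passwords if it goes missing.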
Make sure you don't use any Apple mobile devices. I refuse to buy an iPad because they won't let LastPass work properly. And I haven't updated my iPhone apps in months since I changed my Apple password to something secure.