Password Reuse Is All Too Common, Research Shows

11.02.2011

One technique is to turn your password into a passphrase consisting of several words, which will be both longer and easier to remember than nonsense passwords such as "H4@vNS!3," which Websites sometimes suggest. Avoid common quotations for passphrases, though.

will help you remember it. For example, a passphrase of "Oranges eat bananas but only on the beach" can easily be pictured in your head, even if it might be rather disturbing. Try to tie the visual image to the name of the site; for PCWorld, you could create a passphrase like, "My PC is as big as the Earth."

Alternatively, you can turn the passphrase into a mnemonic by taking the first letter of each word, except for the last word (in order to lengthen the password). This works best if you can work in numbers and symbols, along with some proper nouns (that is, capitalized words). For example, "3 dollar Seville oranges eat 9 bananas in Tahoe" becomes "3$Soe9biTahoe."
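The mnemonic rule described above, as an added example that is not part of the original article; it also reports which character classes the result contains. The `SYMBOLS` table, the function names and the choice to keep multi-digit numbers whole are assumptions: the article only shows "dollar" becoming "$".

```python
import string

# Assumed word-to-symbol table; the article's example only uses "dollar" -> "$".
SYMBOLS = {"dollar": "$", "dollars": "$", "and": "&", "percent": "%", "plus": "+"}
SENTENCE_PUNCT = ".,;:!?\"'"


def mnemonic(passphrase: str) -> str:
    """First character of every word except the last, which is kept whole."""
    tokens = [w.strip(SENTENCE_PUNCT) for w in passphrase.split()]
    tokens = [t for t in tokens if t]
    if len(tokens) < 2:
        raise ValueError("passphrase needs at least two words")
    parts = []
    for token in tokens[:-1]:
        if token.isdigit():
            parts.append(token)                    # assumption: numbers stay whole
        elif token.lower() in SYMBOLS:
            parts.append(SYMBOLS[token.lower()])   # spelled-out word becomes a symbol
        else:
            parts.append(token[0])                 # case kept, so proper nouns add capitals
    parts.append(tokens[-1])                       # last word kept to lengthen the result
    return "".join(parts)


def char_classes(password: str) -> dict:
    """Length plus which of the four character classes are present."""
    return {
        "length": len(password),
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }


if __name__ == "__main__":
    # Both phrases are the article's own published examples.
    for phrase in ("3 dollar Seville oranges eat 9 bananas in Tahoe",
                   "My PC is as big as the Earth."):
        result = mnemonic(phrase)
        print(result, char_classes(result))
```

The second phrase shows why the article suggests working in numbers and symbols: its mnemonic contains only letters.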

Speaking personally, I have no qualms about writing down usernames and passwords and keeping them in my wallet. Yes, there's a security risk if the scrap of paper is lost--although I try to avoid listing Website addresses alongside the passwords, relying on my own memory to know what password is used where. But the risk is considerably less than reusing the same password across various different sites. Ultimately, there's no such thing as perfect security in a world full of fallible humans. We can only do our best.

You can find Bonneau's research .