How to generate easy to type passwords without sacrificing security?
Mandatory "Use a Password Manager!". But you seem to already be aware of this. Moving on.
There are any number of tricks. In my experience, "easy to remember" and "easy to type" typically means "full English words"; my fingers/brain have a much easier time with words than they do with arbitrary sequences of characters. Two systems that come to mind are:
Diceware
Grab yourself a copy of the Diceware word lists [Article], [large_wordlist.txt] and roll some dice! This list of 65=7,776 unique words was carefully selected to be easy to remember. Wikipedia gives these examples as typical diceware passwords:
- conjoined sterling securely chitchat spinout pelvis
- rice immorally worrisome shopping traverse recharger
Also: mandatory XKCD advocating passwords of this style.
Passphrase
I'm an advocate that we should ditch "password" from the English language - since it encourages people to think in terms of single words - and with the exception of a few especially moronic banks, all systems accept spaces in passwords now, so why not think in terms of "passphrases"?
A clever trick that I heard of is to set a passphrase that represents some personal-life goal you want to achieve or fact you want to remember. A) since you type your passphrase many times a day, it's a natural reminder to do the thing, and B) once you accomplish the thing, you have a natural reason to change your passphrase! The following would be examples that would naturally want to change after a month or so:
- "update $% on my 401(k)"
- "get under 10 Smokes/day"
- "Sandy's baby due on Aug 24th"
- "plan Grampa's 80th b-day party"
[ps. I'm waiting for the flame war on this suggestion. My generic answer: use a longer passphrase!]
Disclaimer: I'm interpreting "easy to type" in this question literally to mean consecutive characters or similar typing patterns, which is different from passwords that are "easy to remember". I point this out because none of the other answers appear to interpret the question this way.
How to generate easy to type passwords without sacrificing security?
Short answer: Don't bother.
The reason is it's not worth it unless you are an extremely slow typist. I just tried an experiment where I choose two passwords, both were easy to remember, and one is (seemingly) much easier to type than the other. In order to more easily measure the timing with my stopwatch, I typed both passwords 3 times and compared:
Option 1: (12 seconds to type it 3 times)
This password is easy to remember
This password is easy to remember
This password is easy to remember
Option 2: (10 seconds to type it 3 times)
1234qwerasdfzxcv7890yuiohjklnm,.
1234qwerasdfzxcv7890yuiohjklnm,.
1234qwerasdfzxcv7890yuiohjklnm,.
I actually tried it a few times and the time shown above was my last set of 3 for each. The first couple of times I messed up the "easy to type" password because I was going too fast and bumped other keys.
My conclusion: it's likely to be the case that if you choose any passphrase that is easy to remember, it won't be much slower to type than one that is seemingly more "easy to type". (My average was 3.3 seconds vs 4.0 seconds.) Add to this the slightly higher probability that an easy to type password could end up in a dictionary list, and I'd shy away from it.
Everyday I have to type my password like hundred of times. So I designed a password which was "Easy to type", following these suggestions (based in my own experience):
1) Better if I don't have to use the "pinky" fingers (they get tired after a long use). I suggest avoiding any character or symbol on the extreme left or extreme right of the keyboard. Because of that, no so many uppercase letters should be used (you need to use your pinky for the shift key, right?).
2) Upper case letters should be able to be typed with your right hand (if you are right-handed) or with the index and middle finger of your left hand. The reason is that its easy (for me) to use the left shift than the right (because is farther from the center). Try this: Shift+q seems to add pressure to your hand, compared with Shift(left hand)+P(right hand).
3) If you can type your password with a single hand is better. Sometimes I have one of my hands busy, and typing Shift+7 with a single hand may not be so comfortable. I would say that if you are going to use uppercase letters, try to keep those close to the shift key.
4) Adjacent letters are easy to type (for example: hj in an QWERTY keyboard) but are usually easier to make a mistake (jh instead of hj). My suggestion here is to try not to use adjacent characters in the middle or end of the password to avoid mistakes.
5) Flow is also important. I have found that is easy to type something when all letters/numbers/symbols are moving from one side to another (like playing the piano). If you start in the left side and you finish on the right of the keyboard (or vice-versa). It may be easier also to type with a single hand. For example: 9641 vs 9164 (using the right hand)
6) If you alternate hands while typing is easier (IMHO). For example: "jspenro" vs "jkustwp". Try to keep up to 2 characters per hand. Most of the English words are like that (hands alternate naturally).
7) Not so important, but if you are able to type it without looking it a plus. One of my passwords I don't even know it, but I can type it really fast (as I'm not repeating it in my head), I just let my hands to do it for me: Procedural Memory
The above points works for me, but they may not work for others. If you are looking for an-easy-to-type password for yourself try my suggestions. Otherwise, stick to what has been suggested already: use a Password Manager.