Diceware passwords now need six random words to thwart hackers

One of the best ways to create a random yet memorable password is to use "Diceware." This involves literally rolling dice and matching the resulting numbers to a list containing 7,776 English words, each identified by a five-digit number. Five Diceware words have long been thought to provide enough security for the average user.

A five-word Diceware password could be something like "boseenricoglennlardheath" or "mastkeithhaagquirttulip." But five words is no longer enough, Diceware creator Arnold Reinhold wrote earlier this month. Since creating Diceware in 1995, Reinhold had recommended at least six random words for people "with more stringent requirements and where the passphrase was being used directly to form a cryptographic key," but for average users he had said that five would do.

Now, for average users he recommends "a passphrase with six Diceware words, or five words with one extra character chosen and placed at random."
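The lookup and the five-versus-six-word difference, worked through in Python as an added example (not code from the article or from Diceware). It assumes a constructed placeholder list in place of the real 7,776-word list, the operating system's CSPRNG in place of physical dice, and a caller-supplied guess rate.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                    # five rolls form one five-digit key
LIST_SIZE = 6 ** DICE_PER_WORD       # 7,776 entries, as stated in the article


def placeholder_wordlist():
    """Constructed stand-in for the real list: '11111' -> 'word11111', etc."""
    keys = ("".join(p) for p in itertools.product("123456", repeat=DICE_PER_WORD))
    return {k: "word" + k for k in keys}


def secure_die():
    """One die roll, 1..6, from the OS CSPRNG (assumption: replaces real dice)."""
    return secrets.randbelow(6) + 1


def roll_key(roll=secure_die):
    """Roll five dice and join the faces into a five-digit lookup key."""
    return "".join(str(roll()) for _ in range(DICE_PER_WORD))


def passphrase(n_words, wordlist, roll=secure_die):
    """Look up n_words independently rolled keys; refuse a short list."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("word list must have exactly 7,776 entries")
    return [wordlist[roll_key(roll)] for _ in range(n_words)]


def entropy_bits(n_words):
    """Entropy when each word is picked uniformly and independently."""
    return n_words * math.log2(LIST_SIZE)


def avg_guess_years(n_words, guesses_per_second):
    """Expected years to find the phrase at an assumed guessing rate."""
    seconds = (LIST_SIZE ** n_words / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    words = placeholder_wordlist()
    for n in (5, 6):
        print(n, " ".join(passphrase(n, words)), f"{entropy_bits(n):.1f} bits")
```

Each added word multiplies the search space by 7,776, which is why moving from five words to six changes the work factor far more than the extra typing suggests.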

