If you would like to create a secure and memorable passphrase, create a nonsense phrase that creates a surreal scene.
A recent study by Joseph Bonneau and Ekaterina Shutova found that passphrases may not be as secure as you think. The study found that because people use common phrases instead of multiple random words, their passphrases are more susceptible to a dictionary attack (an automated attack on a system that uses common words, phrases, or passwords to break into users' accounts). The study recommends using random multi-word phrases rather than common language phrases.
For a few years now I have been creating my own surreal passphrases. I create passphrases that evoke a vivid, memorable, yet surreal scene. For me, these passphrases are fairly easy to remember, and as the research suggests, more secure. This is illustrated in a cartoon I came across from http://xkcd.com/ while doing research for this post. The cartoon illustrates both the passable memorability and the increased security of a nonsense passphrase.
Joseph Bonneau has written that, “a really strong password is one that nobody else has ever used.” A surreal passphrase has a low likelihood that it has ever been used before and a low likelihood that it will be guessed by someone trying to break into your accounts. Furthermore, if it is properly and creatively constructed, it will probably be easier to remember.
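To make the "random multi-word phrase" recommendation concrete, the following added example (not part of the original post or the cited study) picks words with a cryptographic random source, rejects any result that matches a common phrase, and estimates guessing entropy from the word-list size. The word list, the phrase dictionary, and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed 32-word sample list (assumption); real lists hold thousands of words.
WORDS = ("anchor balloon cactus dolphin ember falcon glacier hammock igloo jaguar "
         "kettle lantern mango nebula orchid pelican quartz radish saddle tundra "
         "umbrella violin walrus xylophone yogurt zeppelin acorn biscuit comet "
         "dagger easel funnel").split()

# Constructed stand-in for a dictionary of common natural-language phrases.
COMMON_PHRASES = {"let it be", "to be or not to be", "i love you"}

def normalize(phrase):
    """Lower-case and collapse whitespace so lookups ignore formatting."""
    return " ".join(phrase.lower().split())

def is_common_phrase(phrase, dictionary=COMMON_PHRASES):
    """True if the phrase would fall to a phrase-dictionary lookup."""
    return normalize(phrase) in dictionary

def entropy_bits(n_words, list_size):
    """Entropy of n words drawn uniformly and independently from the list.
    Only valid for machine-chosen words; human-chosen phrases score far lower."""
    return n_words * math.log2(list_size)

def words_needed(target_bits, list_size):
    """Smallest word count that reaches the target entropy."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(n_words=4, words=WORDS):
    """Draw words with the OS CSPRNG; retry if the result is a known phrase."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates; entropy estimate invalid")
    while True:
        phrase = " ".join(secrets.choice(words) for _ in range(n_words))
        if not is_common_phrase(phrase):
            return phrase

if __name__ == "__main__":
    print(generate_passphrase())
    print("4 words, 32-word list:  ", entropy_bits(4, len(WORDS)), "bits")
    print("4 words, 2048-word list:", entropy_bits(4, 2048), "bits")
    print("words for 64 bits (2048-word list):", words_needed(64, 2048))
```

The entropy figure depends on the list size and the word count, not on how strange the phrase looks, so a larger list or an extra word is what raises the cost of guessing.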