This is the system I use:
1) Generate a password that you can remember individually. Personally I use the program pwgen which produces "pronounceable passwords". I use it in 8-character upper/numerals/symbols mode.
2) Write that password down. Yes this is heresy; you'll securely destroy it later.
3) Memorize that password.
This is a lot easier than you think. I find if I spend 5 minutes a day memorizing a password I can recall it easily in a week or so, and have probably memorized it pretty much permanently after a month or two. Remember studying in university? Use those techniques. Flashcards are very effective; an important part of memorization is being forced to recall what you are trying to memorize.
4) Repeat until you have 5 different passwords memorized. During this process it helps to do something like encrypting different files with the sub-passwords, and practice decrypting them to ensure you don't forget the individual parts. This also allows you to avoid having copies of the parts of the password if you're paranoid.
5) Take all five passwords and concatenate them into one big super password: eiS9ui@R + vi4Ug~ee + Aet\ito0 + ohB$oh9w + Roh"k2ie = eiS9ui@Rvi4Ug~eeAet\ito0ohB$oh9wRoh"k2ie
6) Use this password! Eventually you will forget it, although the time it takes to forget it will go down exponentially the longer you use it. For me I make a point of using my passwords every month or so. Even just recalling it mentally is enough.
This final password is now 40 characters long. How secure is it? We want at least 128 bits of entropy to make it infeasible to brute-force the password.
Well, to make the password pronounceable pwgen filters out non-pronounceable letter combinations, which roughly speaking means that vowels are separated by consonants. For the sake of analysis let's say we have a strict vCvCvCvC format; the actual algorithm allows for more possibilities. So each 8-character password divides into 4 pairs, each with 105 possible combinations. log((105^4)^5)/log(2)=134, i.e. we have 134 bits of entropy. Good enough!
One upper case character per password adds about 8 more possibilities. The one numeral adds roughly another 8*10 and the one symbol adds 8*32. log((105^4*8*8*10*8*32)^5)/log(2)=221 bits of entropy - almost the gold-standard 256-bit level that modern encryption provides.
The key is that you don't try to memorize the whole thing at once. Split the task up into a few subtasks, i.e., sub-passwords, and memorize them one after another. People used to have dozens of phone numbers in their head, memorized one at a time.
xkcd's famous password strength comic (http://xkcd.com/936/) is good advice too of course, although for a cryptographic password you need more like 12 randomly picked words. My point is that even doing things "the hard way" it's easier to come up with a really, really good password than people realize. You just gotta trust that you really can learn.
People used to commonly memorize entire books, word for word. Actors still memorize hundreds of lines for long plays, all the time. It's not that hard.
Of course, let's be realistic, the average Joe isn't going to do any of the above...
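The strict vCvCvCvC model from the entropy estimate above, as an added example that is not part of the original post and is not pwgen's algorithm: it draws each chunk from a CSPRNG, so every one of the 105^4 chunks is equally likely and the bit count is exact, and it checks how many chunks or words reach 128 bits. The function names are hypothetical, the upper-case/numeral/symbol step is left out, and the 2048-word list size is an assumption taken from the 11 bits per word shown in the xkcd comic.

```python
import math
import secrets

VOWELS = "aeiou"                       # 5 choices
CONSONANTS = "bcdfghjklmnpqrstvwxyz"   # 21 choices
PAIRS_PER_CHUNK = 4                    # strict vCvCvCvC, 8 characters
CHUNK_OUTCOMES = (len(VOWELS) * len(CONSONANTS)) ** PAIRS_PER_CHUNK  # 105^4


def make_chunk():
    """One 8-character chunk; every letter is picked uniformly by the OS CSPRNG."""
    return "".join(
        secrets.choice(VOWELS) + secrets.choice(CONSONANTS)
        for _ in range(PAIRS_PER_CHUNK)
    )


def make_password(chunks=5):
    """Return the individual chunks (memorized one at a time) and their concatenation."""
    parts = [make_chunk() for _ in range(chunks)]
    return parts, "".join(parts)


def entropy_bits(outcomes_per_unit, units):
    """Bits of entropy when each unit is drawn uniformly and independently."""
    return units * math.log2(outcomes_per_unit)


def units_needed(target_bits, outcomes_per_unit):
    """Smallest number of uniformly drawn units that reaches target_bits."""
    return math.ceil(target_bits / math.log2(outcomes_per_unit))


if __name__ == "__main__":
    parts, full = make_password()
    print("chunks:  ", " + ".join(parts))
    print("password:", full, f"({len(full)} characters)")
    print(f"entropy:  {entropy_bits(CHUNK_OUTCOMES, len(parts)):.1f} bits")
    print("chunks needed for 128 bits:", units_needed(128, CHUNK_OUTCOMES))
    # Assumed 2048-word list (11 bits per word), not a figure from the post.
    print("words needed for 128 bits: ", units_needed(128, 2048))
```

The figures only hold if the chunks are used exactly as generated; regenerating until one "looks nice" or is easier to remember reduces the real entropy below the computed value.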