by Rust 5015 days ago
My brains alone. Over the years I've developed a pattern I can remember easily, and apply another pattern to it based on the site or app's name. It's a simple math formula that changes the entire password instead of just applying a suffix or prefix to an existing strong password.

Ironically, the only site this fails on is my banking site which has wish-it-was-2-factor authentication and a limit of 8 characters for the password. Stupid.

1 comments

Right on! But what if you have a team of employees and interns that need access to different accounts? You can't expect them all to memorize unique passwords.

True enough. But all they'd have to memorize is one hard password (or even a pattern like 102938), and one modifier pattern based on the URL of the site.

A simple example, using 102938 as the base password, would be taking the main name part of the URL (e.g. www.google.com would just be "google"), converting each letter to a number (g = 7, o = 15, o = 15, g = 7, l = 12, e = 5), adding them all together (61), dividing that by the number of characters used (61 / 6 = int(10.16) = 10), then adding that result to every pair of numbers in the original password (10 + 10 = 20, 29 + 10 = 39, 38 + 10 = 48), giving you a password of 203940 for that site :)

EDIT: forgot to make this hard to crack. Again, the pattern approach can work - 203948 for "google" could easily and predictably become "go20og39le48@mycompany" or some such.
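
The scheme from the comment above, written out as an added example (not code from the thread) to show how few distinct passwords it produces: the per-site modifier is an average of letter values, so it can only be 1 to 26. The host-name parsing, the letters-only count, the modulo-100 wrap and the sample host list are assumptions made here; the steps as listed yield 203948 for "google", the value used in the EDIT.

```python
from collections import defaultdict

def site_name(host):
    # Assumption: the "main name part" is the label just before the TLD
    # (www.google.com -> google). Multi-part suffixes like .co.uk are not handled.
    labels = host.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def site_offset(host):
    # a=1 ... z=26, summed, then integer-divided by the number of letters.
    # Assumption: digits and hyphens in the name are ignored.
    letters = [c for c in site_name(host) if "a" <= c <= "z"]
    if not letters:
        raise ValueError("site name has no letters")
    return sum(ord(c) - ord("a") + 1 for c in letters) // len(letters)

def derive(base, host):
    # Add the site offset to every two-digit pair of the base password.
    if not base.isdigit() or len(base) % 2:
        raise ValueError("base must be an even-length digit string")
    offset = site_offset(host)
    pairs = [int(base[i:i + 2]) for i in range(0, len(base), 2)]
    # Assumption: a pair that reaches 100 wraps, so each stays two digits.
    return "".join(f"{(p + offset) % 100:02d}" for p in pairs)

def collisions(base, hosts):
    # Group hosts by derived password; any group larger than one is password reuse.
    groups = defaultdict(list)
    for host in hosts:
        groups[derive(base, host)].append(host)
    return dict(groups)

# Constructed sample input, not taken from the thread.
SAMPLE_HOSTS = ["www.google.com", "reddit.com", "amazon.com", "github.com",
                "paypal.com", "twitter.com", "yahoo.com"]

if __name__ == "__main__":
    for password, hosts in collisions("102938", SAMPLE_HOSTS).items():
        print(password, hosts)
```

Because the offset depends only on the public site name, the numeric part of the password carries no secret beyond the base itself, and many sites share the same offset.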