The whole notion of passwords is based on an oxymoron. The idea is to have a random string that is easy to remember. Unfortunately, if it's easy to remember, it's something nonrandom like 'Susan.' And if it's random, like 'r7U2*Qnp,' then it's not easy to remember.
Bruce Schneier (2011). “Secrets and Lies: Digital Security in a Networked World”, p.131, John Wiley & Sons
