How can I generate safe passwords?

You can't. The key word here is GENERATE. Once an algorithm for creating passwords is specified using upon some systematic method, it merely becomes a matter of analysing your algorithm in order to find every password on your system.

Unless the algorithm is very subtle, it will probably suffer from a very low period (ie: it will soon start to repeat itself) so that either:

  1. a cracker can try out every possible output of the password generator on every user of the system, or

  2. the cracker can analyse the output of the password program, determine the algorithm being used, and apply the algorithm to other users to determine their passwords.

A beautiful example of this (where it was disastrously assumed that a random number generator could generate an infinite number of random passwords) is detailed in [Morris & Thompson].

The only way to get a reasonable amount of variety in your passwords (I'm afraid) is to make them up. Work out some flexible method of your own which is NOT based upon:

  1. modifying any part of your name or name+initials
  2. modifying a dictionary word
  3. acronyms
  4. any systematic, well-adhered-to algorithm whatsoever
For instance, NEVER use passwords like:

alec7
it's based on the users name (& it's too short anyway)

tteffum
based on the users name again

gillian
girlfiends name (in a dictionary)

naillig
ditto, backwards

PORSCHE911
it's in a dictionary

12345678
it's in a dictionary (& people can watch you type it easily)

qwertyui
...ditto...

abcxyz
...ditto...

0ooooooo
...ditto...

Computer
just because it's capitalised doesn't make it safe

wombat6
ditto for appending some random character

6wombat
ditto for prepending some random character

merde3
even for french words...

mr.spock
it's in a sci-fi dictionary

zeolite
it's in a geological dictionary

ze0lite
corrupted version of a word in a geological dictionary

ze0l1te
...ditto...

Z30L1T3
...ditto...

I hope that these examples emphasise that ANY password derived from ANY dictionary word (or personal information), modified in ANY way, constitutes a potentially guessable password.

For more detailed information in the same vein, you should read the APPENDIX files which accompany Crack [Muffett].