The world's most secure password for websites, games and private data.

Sampo Syreeni decoy at iki.fi
Thu Jun 22 22:25:01 PDT 2017


The one password they could never divine is \epsilon\epsilon. Two empty 
strings in a row.

Now I can see how some of you might object that it's then just one empty 
string in whole. I disagree: whoever told you passwords have to obey 
normal monoidal string axioms? Quite certainly arbitrary amounts of 
non-visible, un-greppable, in-representable void between and on 
characters *will* prove an un-stoppable counter-measure.

https://xkcd.com/936/

Truth be told, every *nix installation really should have available 1) a 
commonly available dictionary, 2) a true/hard randomness source (don't 
go there), 3) an easily usable means of combining your own off-the-cuff 
source of randomness with whatever you get from your hardware, 4) a 
cryptographically speaking hard mixing function, and 5) a stupid-as-fuck 
freeware utility to fold all of that into an XKCD-hard password. 
Preferably the lot residing in its hard parts on your Android device's 
tamper-resistant whatchamathinga, with open interfaces and a dozen or 
so independent implementations of each part.

Of course you can attack something like that. Duh. But compared to what 
we have now, it'd be a total hoot.
-- 
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
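
Added example, not part of the original message or of any project's code: the five items listed in the post folded into one Python utility. It assumes `os.urandom` as the hardware-backed source, SHA-512 over length-prefixed inputs as the mixing function, and a constructed 16-word list standing in for the system dictionary; every function name is hypothetical.

```python
import hashlib
import hmac
import math
import os

# Constructed 16-word list so the block runs offline. A real run would load a
# large system dictionary instead (e.g. /usr/share/dict/words, an assumption).
SAMPLE_WORDS = ("anchor battery cobalt dolphin ember falcon glacier harbor "
                "indigo juniper kettle lantern meadow nickel orchid pebble").split()

def mix(hw_random: bytes, user_random: bytes) -> bytes:
    """Fold both sources into one seed with SHA-512 (the assumed mixing function)."""
    h = hashlib.sha512()
    for part in (hw_random, user_random):
        # Length prefix keeps (b"ab", b"c") distinct from (b"a", b"bc").
        h.update(len(part).to_bytes(8, "big"))
        h.update(part)
    return h.digest()

def pick_words(seed: bytes, words: list, count: int) -> list:
    """Expand the seed with HMAC-SHA-256 in counter mode; pick words uniformly."""
    n = len(words)
    nbytes = (n.bit_length() + 7) // 8
    # Rejection sampling: discard values past the last full multiple of n,
    # otherwise `v % n` would favour the words at the start of the list.
    limit = 256 ** nbytes - (256 ** nbytes % n)
    out, counter = [], 0
    while len(out) < count:
        block = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
        v = int.from_bytes(block[:nbytes], "big")
        if v < limit:
            out.append(words[v % n])
    return out

def entropy_bits(dictionary_size: int, count: int) -> float:
    """Guessing entropy when the attacker knows the dictionary and the word count."""
    return count * math.log2(dictionary_size)

def passphrase(user_random: bytes, words=SAMPLE_WORDS, count=4, hw_random=None) -> str:
    hw = os.urandom(32) if hw_random is None else hw_random
    unique = sorted(set(words))  # duplicates would skew the distribution
    return " ".join(pick_words(mix(hw, user_random), unique, count))

if __name__ == "__main__":
    typed = b"constructed keyboard mash"  # stands in for the user's own randomness
    print(passphrase(typed), f"({entropy_bits(len(SAMPLE_WORDS), 4):.0f} bits)")
```

With the 16-word sample list four words carry only 16 bits; the strength comes from the dictionary size, so four words drawn from a 2048-word list give 44 bits.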

