frustrate shouldservers

Tim Chase blinux.list at thechases.com
Thu Feb 2 17:36:15 UTC 2017


I've used a technique that's come to be known as "password
haystacks" (see link below) which involves simply padding your
good (or even written shoulder-surfable) password out to a reasonable
length to make the brute-force cracking all the more complex.

So say my password is "correct horse battery staple".  I might take
that and then add 8 periods at the end. Or 10 ampersands.  Or
alternate dash-equals-dash-equals as many times as you want. Or
whatever secret character or characters you want and however many of
them you want.  It's also particularly handy if you have to change
your password on a regular basis (I usually just change the haystack
characters).

Alternatively, if you use a GUI and "keepassx" is accessible in your
screen-reader, it allows you to generate strong passwords, keep them
safe behind one master password, keep them hidden from
shoulder-surfing eyes, and will auto-type them into the last window
you were in.  This is the solution I use for most passwords (except
my master passwords, for which I use the haystack method).

-tim

https://www.grc.com/haystack.htm
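
An added example, not part of the original post: a small calculator for how much haystack padding enlarges the exhaustive-search space, using the character-class model from the GRC page linked above (26 lowercase, 26 uppercase, 10 digits, 33 symbols; every length up to the password's own is searched). The function names are chosen here for illustration, and the model assumes the attacker is searching blindly with no knowledge of the padding pattern.

```python
import math
import string

# Printable-ASCII character classes: 32 punctuation marks plus space = 33 symbols.
CLASSES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
)


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))


def search_space(password):
    """Candidates an exhaustive search covers up to this length: sum of A^k, k=1..L."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def pad(base, filler, count):
    """Append `count` repetitions of the filler string to the base password."""
    return base + filler * count


def growth_bits(base, padded):
    """How many extra bits of exhaustive search the padding adds."""
    return math.log2(search_space(padded) / search_space(base))


if __name__ == "__main__":
    base = "correct horse battery staple"  # the example password from the post
    for filler, count in ((".", 8), ("&", 10), ("-=", 4)):
        padded = pad(base, filler, count)
        print(f"{len(padded):2d} chars, alphabet {alphabet_size(padded)}, "
              f"+{growth_bits(base, padded):.1f} bits from padding with "
              f"{count} x {filler!r}")
```

Changing only the filler character or count yields a different password of comparable size, which is what makes the scheme convenient for forced rotations.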







