Back when I used Dvorak, I made passwords that were the same in both layouts. Obviously, this is even easier in Colemak since not only AM but QWAHZXCVBM (I didn't miss any I hope?) are now stationary between layouts. (On a side note, I won't use Norwegian punctuation in passwords since I occasionally stumble upon a keyboard set to a US layout - if that won't happen to you then feel free! Same with much of the punctuation.)

The number row is there for you too, and much of the punctuation. You can substitute letters with numbers to produce words that are easier to remember. Much like +#4+ (0|\||=0051|\|6 13375p34k (that's "that confusing leetspeak", for the readers who haven't met and befriended hardcore net geeks in a few years). I've used the "+" sign as a "T" in passwords, for instance.

Getting advanced, the whole number row can become letters: tnmRSbVkgl is the coding I use (courtesy of Kurt Bai, the memory wizard) but that particular conversion takes a little twisting to recognize and remember because the row is consonants only (the "0" becoming a loop-script minuscle "l" is worst I guess, or "4" being an "R"; also loopy). The reason I learnt that was the reverse problem: How to remember a lot of digits by converting them to letters and then making words and finally a story out of them. I learnt 100 decimals of Pi with that trick, just to see if I could.  :)

You can also do like the rune writers of old had to, substituting similar letters for those you don't have. In old runes, "konung" had to be written "kunuk" because they didn't have the rest of those letters as runes (yet). So that's what they did. Y -> I -> 1 or | is an example for our use; or U -> O -> 0.

So now, if you want to use... say... CHRYSANTHEMUM as a password, you'll end up with something along the lines of ch4|5a2+h3m0m which is Colemak-QWERTY invariant, not at all easy for outsiders to figure out even if they happen to see you typing it in, containing several categories of characters for further increased security (letters, numbers, punctuation) and still possible for you to remember because it is a word. Nice, huh?

(Yeah, you may not be after such a long password. Just a high-security example there. And for the hackers out there: No, I haven't and will not ever use ch4|5a2+h3m0m as a password since I posted it here, so don't even think of it. Hehe.)

@NeoMenlo: Problem with that is, someone will easily see your password :P

I sincereley hope that you don't use a blank keyboard for operations! ;D
That would be quite disturbing!

Judging from your table, my password is of the 40k+ years variety. It is also easy to remember for me, not physically accessible for anyone stealing a USB stick (or through me losing it - I've found other peoples' sticks) and can be typed easily and equally on Colemak and QWERTY. I guess I won't need more than this? (And no, knowing all these things about my password won't help anyone crack it I believe.)

I'd really not recommend putting passwords on a USB pen. That is so unsafe I cannot begin to describe it.

Yes, my memory is of the sticky type. But that's not what makes my password(s) good: It's the systems I use to construct passwords that are easy to remember for me but tough to crack, and some tricks for remembering them as well. So even if you don't have a good memory you could get a strong password and remember it too.

But I agree that one needs to remember way too many passwords these days. Some I use my system on, some I cannot choose and have to remember by "brute force" but most of the less important passwords like web site passwords that don't involve my bank account get one of a very few "collect" passwords. So if someone were to hack my password on this site they might be able to impersonate me on some other sites as well; that's a risk I just feel I have to take to avoid going mad with the number of passwords.

If your pen's content is strongly encrypted with a strong password, then I suppose it may be a relatively safe way to carry around multiple passwords at the "memory cost" of one. But I'd still be sceptical about the dangers involved. I've coded and messed around with devices enough to get an intuition that your system might be hackable - although I wouldn't know exactly how to.