I’ve spent some time researching this for myself and wrote up a blog with what I learned: Strong Passwords You Can Remember

I also created an infographic to make it easier to visualize: Strong Passwords - InfoGraphic The resources I discovered along the way are listed at the bottom of the blog. One site I found lets you know if your email address has been found a data breach. My old email address was found in a few places! This alone is sufficient motivation to fix weak passwords.

The short story seems to be:

1. Avoid words found in a dictionary in your language.
2. Never use one of the most commonly found passwords (I found a site that lists these some are pretty amusing - there are others out there)
3. Pick from each of the four types of characters: Uppercase, lowercase, numbers, symbols. This increases the space that a brute force attack must search.
4. Most important is password length. Create a password as long or as you can or are allowed to. You’d think this would make it impossible to remember a good password - but, you can repeat a number of (symbols, letters, etc) to increase the length.
   
   An example given by Password Haystacks: How Well Hidden is Your Needle? was D0g………………… (cap D, number zero, lowercase g, 21 periods) - even I could remember this. According to them, it would take an online attack (at one thousand guesses per second) around 93.83 billion trillion trillion centuries!
5. If using a password manager app allows you to create unique and better passwords, that’s better than using crummy passwords over and over. You still need to trust that your primary password doesn’t get discovered.
6. No idea if any of these strategies will be relevant in the future with quantum computing or other technologies - hopefully, we won’t need passwords then.