Cracking programs aren't just using dictionary items, but common letter/number substitutions, word combinations, and frequently used numeric suffixes and prefixes. And if the cracker has any info about you (esp. stuff from your hard drive), that's all grist for the cracking mill (so your birthday, anniversary date, kid's dates, zip code, phone number parts, etc.).
The safest thing you can do is some sort of password manager (I use LastPass, like Les) to generate completely random password strings. Since LP will then fill in the information on the web page, it's not like you have to transcribe it.
Reshared post from +Les Jenkins
I use Last Pass myself and have it generate 14 character random passwords using all 4 character types (Upper, Lower, Number Symbol) if the site allows for it.
Choosing a Secure Password
As insecure as passwords generally are, they’re not going away anytime soon. Every year you have more and more passwords to deal with, and every year they get easier and easier to break. You need a strategy.
47 view(s)
The key is bits of entropy. Put spaces in tour passwords to maximize bits of entropy.
Or use something like Keepass and random character strings. 16 characters of random uppercase, lowercase, and numbers is a lot of entropy, even before you hit special characters.
Ironically, the problem is so many websites with stupid rules on how passwords are made but limit you to like 8 characters. That's a recipe for disaster no matter how you slice it.
Oh, and use 2-factor authentication where possible.