He's right. It's nowhere near as good as using some alternative method such as 2 factor auth or something truly random.
Picking anything based on you (i.e. facts known about you, your favourite lyric, etc., even your language) is a bad idea.
But... presuming you have a line of gibberish, a longer line will always win. Length trumps complexity enough that if you make it reasonably long and only slightly complex, that's better than short and very complex.
It's only a matter of time though. Everything password based is crackable.
I'm pretty much pig-ignorant on this, but Bruce Schneier claims that the XKCD long password thing is no longer a good tactic: https://www.schneier.com/crypto-gram-1403.html#13