What's the max length of a password that's actually used/stored on sites though? Some random sentence might sound safe, but if the site only checks the first 10 characters or so :/ Then try to remember 40 different random sentences for stuff you maybe only access a few times a year. Write it down somewhere safe. There's only 2 (difficult) passwords I remember, the one for my bank and the one for my email, since every password reset request goes to my email. That's the most vulnerable point. That's my Microsoft password now which I also unlock my laptop with every day, so won't forget it. Of course if MS gets hacked :/