I've always been taught to avoid using phrases or even words. Instead I was told to use a memorable phrase to generate a password from the initials of the words.
So, for instance "Has Lewis Hamilton won the Formula 1 drivers championship 4 times?" would generate a password "HLHwtF1dc4t?"
Or "Leeds United beat Southampton 7-0 in 1972!" would generate "LUbS7-0i1972!"
I think it's quite a nice way of making a password that to all intents and purposes is completely random, but which gives you some chance of remembering it.
Anyway, however you all do it, make sure your passwords are strong. That means long passwords consisting of upper case and lower case letters, numbers, and symbols.
Also, keep track of all your passwords. You can use a password manager, but personally I just use an address book. I write website names in under the appropriate letter, and stick post it notes next to them with my password phrases on them. Every now and then I'll swap a couple of the post it notes around, and change my site passwords accordingly. Or I'll add a new password to the pool and get rid of an old one.
This might all sound like a lot of work, but in reality it's probably only 5 or 10 minutes a month, which is not a lot to protect yourself. We all lock up our cars, lock our house doors and windows, and maybe switch on the alarm every night. These are basic security measures, and so is using strong passwords.
For those of you who, like myself find all of this a pain, who remember what the internet was like 15 or 20 years ago when security was hardly an issue, and don't think you're going to get caught out, make no mistake, times have changed considerably.
If you use your date of birth in your password, or the name of your favourite football team, or any other obvious words, or combinations, then you're making it easier for the hackers. Similarly if you use the same password for lots of different sites, then a security breach on one site will mean all your sites are compromised. If you don't try to use strong, unique passwords you will get caught out at some point.
I should also add that this advice is not limited to this website, it applies to every website. Even the most secure sites can get hacked, so get yourselves organised, take the basic precautions, and just like you would would lock the doors to your house at night, please use strong, unique passwords.
Apologies for the lengthy post, and sorry to those who might feel this is perfectly obvious, but I'm sure there will be a few amongst us who are less security conscious than they perhaps should be.
If you need any more information or advice on this then please feel free to ask, or if you want to go beyond what the forum owners, stoooo, myself, or anybody else here can provide, then a simple search for "password security" will give you a load of answers.