It may seem counter-intuitive to prefer a plain English passphrase over a t0tta11y l337 password, but what it comes down to is how many bits of entropy you actually generate. Entropy comes from the number of choices made at random (how many words, drawn from how large a list), not from how unusual the result looks; substitutions like 0 for o or 3 for e follow predictable patterns that cracking tools try first, so they add very little.
Lifehacker has a great article explaining why old password tricks aren’t working anymore with the amount of raw computing power available today.
If you’re lazy and you want to make use of the XKCD passphrase method above, you can always lean on a passphrase generator.
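As an added illustration (this is example code written for this page, not the author's generator or any of the tools linked above), the following Python shows why the XKCD method works: the strength of a passphrase is the number of words multiplied by the log2 of the word-list size, and the words must come from a cryptographically secure random source, not from your own head. The 16-entry word list is constructed for the demo; a real list such as the EFF long list has 7776 words, and the comic's own example assumes a 2048-word list and 1000 guesses per second.

```python
import math
import secrets

# Constructed mini word list for demonstration only. A real diceware-style
# list has thousands of entries (EFF long list: 7776, XKCD's example: 2048).
DEMO_WORDS = [
    "correct", "horse", "battery", "staple", "orange", "window", "pencil",
    "river", "castle", "garden", "silver", "monkey", "planet", "candle",
    "rocket", "velvet",
]


def entropy_bits(list_size: int, n_words: int) -> float:
    """Bits of entropy for n_words chosen uniformly at random from list_size words."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least 2 words to choose from and 1 word to pick")
    return n_words * math.log2(list_size)


def generate_passphrase(wordlist, n_words: int = 4, sep: str = " ") -> str:
    """Pick n_words with secrets.choice (CSPRNG), never random.choice."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every possibility at the given guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    phrase = generate_passphrase(DEMO_WORDS)
    print("demo passphrase:", phrase)
    # Four words from a 16-word list is only 16 bits: far too weak.
    print("demo list:  %.1f bits" % entropy_bits(len(DEMO_WORDS), 4))
    # Four words from a 2048-word list is the comic's 44 bits.
    bits = entropy_bits(2048, 4)
    print("2048 words: %.1f bits, ~%.0f years at 1000 guesses/s"
          % (bits, years_to_exhaust(bits, 1000)))
```

Note that the entropy figure only holds if the attacker knows your word list and you still let the CSPRNG pick; a phrase you compose yourself ("correct horse battery staple" itself, for instance) is in every cracking dictionary by now.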
My favorite combination is using LastPass along with its support for two-factor authentication. For those of you unfamiliar with two-factor authentication, the way it's implemented with LastPass (and Google, if you enable it) is that a short one-time code must be entered after you provide your passphrase. The code can be sent to you by SMS, or you can read it from the Google Authenticator app, which derives it from a secret shared with the site plus the current time, so the code changes every 30 seconds. SMS delivery is the weaker of the two, since text messages can be redirected by a SIM swap or intercepted, so prefer the app where a site offers it. It's a little cumbersome, but in order for somebody to gain access to websites I use, they would need to know my LastPass passphrase AND physically have my iPhone.
Be safe, everyone!
It didn’t take long for somebody to actually implement Randall Munroe’s vision.