From security guru Bruce Schneier;
"The attacker will feed any personal information he has access to about the password creator into the password crackers. A good password cracker will test names and addresses from the address book, meaningful dates, and any other personal information it has. Postal codes are common appendages. If it can, the guesser will index the target hard drive and create a dictionary that includes every printable string, including deleted files. If you ever saved an e-mail with your password, or kept it in an obscure file somewhere, or if your program ever stored it in memory, this process will grab it. And it will speed the process of recovering your password."
There's still one scheme that works. Back in 2008, I described the "Schneier scheme"; take a sentence and turn it into a password. For example:
This little piggy went to market might become "tlpWENT2m".
WIw7,mstmsritt... = When I was seven, my sister threw my stuffed rabbit in the toilet.
Wow...doestcst = Wow, does that couch smell terrible.
Ltime@go-inag~faaa! = Long time ago in a galaxy not far away at all.
uTVM,TPw55:utvm,tpwstillsecure = Until this very moment, these passwords were still secure.
Schneier continues with this advice;
When it comes to passwords, yu can't get any better advice than this, special thanks to Bruce Schneier.