I've been using cryptic passwords since I cut my computing teeth on an IBM 370. I never liked using passwords like xkcd1234EMC2 though. They may have been more "secure," but they were hellish to remember. I still use them today, but the brilliant Internet cartoon xkcd by Randall Munroe has just shown me that I, and many security experts, have been idiots for years. Read the cartoon below and you'll see what I mean.
Password Strength cartoon by Randall Munroe
Munroe's perfectly correct. If you use a random nonsense phrase for a 'password' you will be able to recall it without fear and trembling and you will be safer from casual crackers. Of course, if you write your password phrases down on sticky notes on your monitor, you're still beyond help. But, hey so long as you avoid phrases such as "This is my password." you should be fine.
Of course, even with this method, you still have the problem of having dozens of Web sites that require passwords. You could use a single password phrase for all of them, but considering how quickly sites are being cracked for their passwords these days, having one password or pass phrase for all your sites is just asking to be cracked.
No, while using a pass phrase makes excellent sense-and I feel like an idiot for never realizing it on my own-you're probably still going to need a password manager.
If you don't mind having your passwords out on the Web, I like LastPass. I can, and do, use this program on any and all platforms. And, since I use pretty much every operating system and platform out there, that's a good thing.
For what it's worth, I trust LastPass. In the end, though, which password manager you trust is a call only you can make. All I know now is that you'll be a lot smarter if you use a four word password phrase than a dozen letters of gibberish for your password. Thanks Munroe.