Deadkenny - how do you know how good the tools that show how hackable a password is? E.g. One site I use says my 18 character password made up from words in a Horse Staple etc style, is WEAK (their worst rating - equivalent to password) even if I use TitleCase or add a single symbol to the end. Only when I add a number does it move up. If I used 6 characters but with caps,lower,symbol,number it says it is GOOD - their second best. and P455w0rd! Gets its best rating. I am sceptical.
Cougar - password managers make my nervous. If there is a vulnerability all your passwords are hacked - I doubt the average user has any hope of understanding the risk associated with any particular password manager, so other than going with a popular one (all the more reason to try and find an exploit) it might be blind faith. I have a system for remembering them which works well, until either I am forced to update. Each site has a unique password and it wouldn't be obvious how you get my Facebook password if you saw my Twitter one etc. But I have been considering hashing them for added securit - it makes using them on a mobile a PiTA though. Typing real words on a keyboard is actually ok, but a hash or other nonsense is tough.