I just make up and remember a random sentence and then a random word and number. So many things to remember and do I will just make up a sentence then reptile7* that is a good password. stonedskittleleprechaun is also a good password though.

That isn't actually true, you should read the previously linked XKCD for an explanation of why.

I have read several times that English prose contains approximately one bit of entropy per character. That means the passphrase "So many things to remember and do I will just make up a sentence then reptile7*" contains at least 78 bits of entropy. Since it has a number and special character it probably contains even more entropy. 2^78 isn't the best you can do (likely either 2^128 or 2^256 depending on the encryption algorithm being used), but it is strong enough that it can be considered as secure enough (I think 2^80 is the minimum suggested bit strength for a strong password to have though).

Honestly even 80 bits is a conservative estimate of the bit strength of that passphrase. One passphrase strength estimation algorithm that is regarded as being accurate starts out with the initial characters adding more bits of estimated entropy to the overall passphrase than subsequent characters do, only leveling out to 1 extra bit per additional character after 20 or so characters. There are also math formulas for determining the amount of entropy in a given amount of data. I can only imagine that the highly mathematical algorithms for entropy estimation are more accurate than even the good password strength estimation algorithms (which may for example compare your passphrase to a dictionary as one of its criteria for strength estimation, a technique that I don't think would be used with the pure mathematical approach). I think somewhere on the XKCD site he describes the method he used to estimate the entropy of the presented passwords though.
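The estimators discussed in the thread, run side by side on its two passwords, as an added example that is not part of any post. It assumes the tiered algorithm described is the NIST SP 800-63 (2006) Appendix A heuristic, which has that shape; the 2048-word list size is a constructed value.

```python
import math
from collections import Counter

# The two passwords quoted in the thread.
SENTENCE = "So many things to remember and do I will just make up a sentence then reptile7*"
WORDS = "stonedskittleleprechaun"

def flat_bits(pw):
    """Rule of thumb from the post: about one bit per character of English prose."""
    return float(len(pw))

def tiered_bits(pw):
    """Tiered estimate (assumed: NIST SP 800-63 Appendix A, 2006), no dictionary check."""
    bits = 0.0
    for position in range(1, len(pw) + 1):
        if position == 1:
            bits += 4.0          # first character
        elif position <= 8:
            bits += 2.0          # characters 2 to 8
        elif position <= 20:
            bits += 1.5          # characters 9 to 20
        else:
            bits += 1.0          # levels out at 1 bit per character
    # Composition bonus: both an upper-case and a non-alphabetic character.
    if any(c.isupper() for c in pw) and any(not c.isalpha() for c in pw):
        bits += 6.0
    return bits

def shannon_bits(pw):
    """Empirical Shannon entropy of the character frequencies, times length."""
    n = len(pw)
    counts = Counter(pw)
    per_char = -sum((k / n) * math.log2(k / n) for k in counts.values())
    return per_char * n

def random_choice_bits(word_count, list_size):
    """Entropy when each word is drawn uniformly at random from a known list."""
    return word_count * math.log2(list_size)

def report():
    return [(pw, flat_bits(pw), tiered_bits(pw), round(shannon_bits(pw), 1))
            for pw in (SENTENCE, WORDS)]

if __name__ == "__main__":
    for pw, flat, tiered, shannon in report():
        print(f"{len(pw):3d} chars flat={flat:5.1f} tiered={tiered:5.1f} "
              f"shannon={shannon:5.1f} {pw!r}")
    # Constructed assumption: three words drawn from a 2048-word list.
    print("3 random words from 2048:", random_choice_bits(3, 2048))
```

The character-frequency formula scores a repeated character at 0 bits and knows nothing about how the password was chosen, so it measures the string, not the guessing effort. Only the random-choice figure is a lower bound an attacker cannot beat, and only when the words really were drawn at random.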