The password advice we all hate – upper and lower case, numerals and punctuation, change it frequently – is wrong. We knew this in our guts, but now Bill Burr, the original author of the NIST report that started it all in 2003, has recanted.
So now, we’re back to this.
The Electronic Frontier Foundation has word lists you can use for this. They recommend dice to safeguard your picks from any system compromise you may have. If you’re a little less paranoid about it, you can use this Google sheet I have prepared from the SOWPODS.
Finally… DON’T change the pass phrase you make, unless you have a positive reason to believe it’s been compromised. Changing passwords on a regular schedule makes people tend to use predictable passwords. And no good can come of that!