To do this formally, you need to consider information entropy.
This is all about how you generated your password. 10 characters of totally random mixed case, numbers and punctuation gives about 60 bits of entropy which is strong enough.
HOWEVER, that calculation only works if all 10 characters were generated uniformly and randomly. Humans are terrible at this. Now, maybe your trick for turning words into safe passwords is great, but there is no way to be sure. Sadly, remembering 10 random characters is hard.
Luckily, easy to remember and strong passwords are possible. The system I would recommend is diceware: www.diceware.com
That diceware system is complete Snowden-level paranoia. Close the curtains! Burn after reading! For everyday techie joe a passphrase + a memorized complex password is just enough. If you're on the internet asking for a strong password method and reading diceware.com you may have your priorities set wrong like an untrained spy.
I would love to see a comparison between where physically and which modifiers are used for each character are, and the strength of a password.
Is a password which is very easy/comfortable to type out physically any more/less strong than another of the same length?
I ask this because I often use a visual pattern on the keyboard for a password and I don't recall which characters they may be, but I recall the pattern in need to type out on a qwerty kb
There was a nice comic/picture of this. I tend to follow it. Basically using 3-4 short words as a phrase instead of random characters. You can toss special characters inbetween/before/after. They are also much easier to remember. Password "FoolMeOnce!ShameOnMe" for example.
Well, it was an example, but I agree. For everything that I can I use keepass with better autogenerated random passwords, but for things like home WiFi and others that I may have to type in manually I'll use a phrase like this. A more random phrase is certainly more secure.
log2(10^16) = 53 bits of entropy or 300 years if your attacker can do a million guesses per second (the link says 1000 keys per second, but that's on the CPU).
You could also use `cat /usr/share/dict/words` instead of the `curl`, which is a much larger word list, but you get impractical passwords like "globular cellulose's malnutrition's dangling".
Wifi password cracking is only around 1000X slower than a SHA256 brute-force if I remember right. So your password needs to be secure enough that if a hash of it was leaked it would never be cracked.... So very strong.
WPA enterprise using certificates is usually much harder to crack since you need to interrogate server, you can't just brute force hash. This method only really applies to PSK mode (home networks and small businesses usually)
That should be enough, but keep in mind that you might be entering the password on a lot of non-keyboards. 20 lowercase letters is faster and far more secure. Even 14-15 lowercase letters is soundly better.
If you consider your random keyspace with 26 * 2 chars + 10 numbers + 20ish special chars then to crack 10 letters you'll have to try an average of ((26 * 2 + 10 + 20) ^ 10) / 2 = 6.8724016e+18 keys. If you then assume around 3 million hashes per second it still takes around 72641 days to crack your password.
Edit: As another comment said, just make sure it's not easy to guess based on rainbow tables and whatnot
I read in many places that the easiest way to generate a really strong password is to memorize a fairly long sentence and use the first letter of each word.
However definitely DONT use a quote or lyrics. Needs to be something unique.
HOWEVER, that calculation only works if all 10 characters were generated uniformly and randomly. Humans are terrible at this. Now, maybe your trick for turning words into safe passwords is great, but there is no way to be sure. Sadly, remembering 10 random characters is hard.
Luckily, easy to remember and strong passwords are possible. The system I would recommend is diceware: www.diceware.com