[omaranto]

I think the generator from xkcd sounds pretty good. https://xkcd.com/936/

[heyoni]

Problem is so many websites have these arbitrarily low password lengths that usually max out at 20 characters.

[lucb1e]

I haven't seen those in a while now. For random sites you should use a password manager anyway though, not try to remember a thousand passphrases. You're going to end up reusing passwords if you try to memorize them all, or else you'll have to write some down and then you are already using a password manager :). Or you use a system and then 1-2 cracked passwords/-phrases will likely break them all.

Note that this advice is for the average, common site. If you have special considerations for your bank, broker, or similarly high-value sites, different advice might apply of course (but this is not really the place for that and there are already enough recommendations online).

[bombcar]

Worse are the ones that let any length input but only read the first ten characters or so.

[Jaruzel]

For ages I remembered this as 'battery-horse-staple-correct' but then I see loads of people saying 'correct-battery-horse-staple' so now I think I'm the one who is wrong.

I wonder which way round is actually the right way to say it?

[mkl]

Neither? As the linked comic says, it's "correct horse battery staple".

[Jaruzel]

ok typo on my part... anyhoo - does "correct" go at the front or back?! Because the way I read it, the speech bubble saying 'correct' is after the horse and the other two words.

[mkl]

"Correct" goes at the front; see panel 4. You remember the order along with the words, and the imagery is a cue to aid memory, not a script.

[Jaruzel]

Maybe it's because I'm a visual learner that I stored panel 6 and not panel 4.... Even though I clearly stored it incorrectly regardless.