I had running battles with DoD and NSA for years over their password composition, change period, and password reuse policies.
I argued, to no avail, that their policies led to people not being able to remember their passwords. This would lead them to do the one thing you should NEVER do, write down a high security password.
The best form of password is to use a memorable, at least to YOU, pass phrase with strategic changes of letters to a number or punctuation. At least one word in the phrase should be an uncommon word.
Ideally, it should be something that someone else would not normally associate with you.
I have three classes of passwords, high, medium, and low security. High security are used for things like banking and healthcare where there would be large amounts of personally identifiable information about you. These are NEVER reused for any other site. It's one and done. I currently have six of these. They are never saved on my computer.
Medium security I use for things like Google, YouTube, Steam, where there may be high exposure but low risk on revealing damaging data about you. Sometimes these are former high security passwords that I no long want to use as such. These are rarely used on multiple sites. I do allow them to be saved on my home computer ONLY.
Low security passwords are for rarely used websites where I don't really care if they have a security breach as there is no personally identifiable information other than possibly my real name. I use a very few old passwords that barely meet the qualifications above.
SpyNavy
Garde la Foi, mes amis! Nous nous sommes les sauveurs de la République! Maintenant et Toujours!
(Keep the Faith, my friends! We are the saviors of the Republic! Now and Forever!)
LonePalm, le Républicain du verre cassé (The Broken Glass Republican)
Ha.
Very similar to my password situation.
IMO the best passwords do not need capitals and special characters. They just need to be unique (so that if one falls the others don’t, and not guessable) and long enough so they are not susceptible to brute force hacks.
I prefer phrases. I once tried “smellydog” but that was taken! And probably too short. So “mysmellydogfartsalot” is an example of an improved version, though I’d bet nowadays that is taken, too. No, I don’t have any current passwords referring to my dog. :-)
A better choice is something less common than commentary on one’s dog.