I think there is a relatively simple rule of thumb: If you can reliably memorize the password with moderate effort, it is very likely not safe. The approaches described in the linked article are clever but they do by far not exhaust the possibilities. One big issue is the following: When you try to come up with random words to compose a password, the words that you'll choose are going to be very very non-random. Example: Tell a person to name a random musical instrument. Most people will say violin or piano. Other instruments will rarely be mentioned. Likewise with tools, most people will say hammer or screwdriver. This has something to do with how words are represented in our mental lexicon. There is a lot of research on that that you could easily leverage in software for cracking passwords, at least the type of password that's using supposedly random words.
> When you try to come up with random words to compose a password
That's why you don't. Give a 64ki word dictionary from your native tongue to your computer and let it choose four words uniformly at random out of it. This gives you a password from a distribution with 64 bits of entropy, and is reasonably easy to memorize with moderate effort.
This means an attacker is expected to proceed to 2\\63 hashes to crack such a password. It would take almost 4 year to crack its MD5 digest on the rig used in the demonstration. If you not using a password manager for external sites (which might not use proper KDFs), you can throw in a fifth word, and be safe for the foreseeable future.
Yeah, I get it. The thing is that many password guidelines do not emphasize how important it is to draw words randomly, and that makes all the difference as I tried to explain.
