That is because people do passwords wrong. Just make your passwords 40-60 characters of a common natural language statement with a random non-alphanumeric character at the end. That is really hard to brute force and easy to remember.<p>Unfortunately, this simple solution won't work on archaic legacy systems that force stupid password rules and max lengths.