I personally like the phrase method–one of my exes used it, only with a paragraph, not a sentence. This gave him a very long password that would be hard to crack. I’ve only adopted it in a couple instances, but that’s because most of my passwords are to online sites that I don’t care about.
Myself, I use a cluster of passwords and usernames, and they intermix–for example, in some places my password is a variation on Jayn_Newell, but in those places I’m not using my full handle, or a different one entirely. This way even if I forget the password to an infrequently visited site, I can do a brute force attack of my own, but it usually takes me under 8 tries to get in because I know the likely options. Places I really care about I use unique passwords, but they’re still ones that have meaning to me and are very easy for me to remember.
I use a couple schemes. I’ve got several word+number passwords that I use for routine sites, sites where I don’t care (too much) if someone figures out my password or not. The words are for the most part random nonsense originally assigned by a system I used many years ago. These word+number combos haven’t changed since the mid-80’s. Example: brell17
For more security I’ll use the same word+number combos, but I mix in the first and last initials of the site, in caps, e.g. SbrellE17 for straightdope.com, FbrellO17 for fandango.com, etc.
For secure sites, I tend to use the same word+number combos mixed with initials for the site, but I leet-speak them and vary the caps, e.g. WbR3!lOi& is WbrellO17 for wellsfargo.com.
Not bulletproof, and certainly less so since I posted this, but I can remember them, and the chances of someone figuring out any of my words and numbers are pretty low, much less the leet-speak translation I impose.
If required to change these passwords I either use a different word+number base, or switch the caps order. I really hate systems that make me change too often. I have a limited number of combinations that I’m able/ willing to remember.
He changes the password so he can set up a new admin account. I haven’t wanted to ask too many questions about it, because he literally pulls the CD-R out of his pants, which is not the normal way we bring software into our area.