I used to have rather terrible account security, but I'm in the process of fixing that at the moment. Seriously, I used to store all of my passwords in a plaintext .txt file, and also had repeated passwords (repeated passwords with easy to find personal information, no less).
I've been umming and erring about finally fixing the issue once and for all, but I finally got around to changing my passwords and accounts. Right now I've printed out a list of all my passwords (your move, hackers), so unless someone breaks into my house there's nothing they can do about it.
The method I currently use for passwords is to string together a whole heap of words and add in a few capitals, numbers, and symbols (don't put the capitals at the start, or the numbers and symbols at the end, that's too obvious). Also, I don't use real words, since those are vulnerable to dictionary attacks, especially if they're common words. Instead, I just make up a load of nonsense words that sound kind of like words, but aren't (or at least, aren't English words, but practically every combination of phonemes is a word in some language).
For example:
byang punyo olus
There, absolute gibberish. Well, upon Googling it, it turns out Byang is the name of some African Evangelical, a Punyo seems to be some kind of Filipino martial arts weapon, and Olus seems to be an alternate spelling for the Greek God Aeolus. It's always amusing to find out the actual meaning of these words.
Next step, add in some additional security.
bY9ang puNyo olu$s
There, an 18-character password that contains capitals, numbers, and symbols, and won't be susceptible to dictionary attacks. What's more, it's much easier to remember byang punyo olus and the position of capitals, etc., than it is to remember fD345#/d354|0#@85$, and it's much easier to type. It can be even easier if you remove a word, since this level of security is probably overkill for unimportant accounts.
Combine that with a password database to fall back on and you should be fine. Oh, and before anyone mentions it, no, revealing this system isn't actually putting me at risk. One of the key elements of a secure system is that it should be secure even if people have some understanding of how the system works.
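The scheme described above, as an added example that is not part of the original post: it builds the nonsense words from randomly chosen syllables using Python's `secrets` module rather than inventing them by hand, then places one capital, one digit, and one symbol away from the start and end. The syllable tables, symbol set, and function names are assumptions made for this example, and the entropy figure counts only the syllable choices, on the premise that an attacker knows exactly how the system works.

```python
import math
import secrets

# Constructed syllable parts (assumed for this example, not from the post).
# No onset begins with a coda, so each phrase maps to exactly one syllable sequence.
ONSETS = ["b", "d", "f", "g", "k", "l", "m", "n", "p", "r", "s", "t", "v", "z",
          "by", "pr", "kl", "tr"]
VOWELS = ["a", "e", "i", "o", "u"]
CODAS = ["", "n", "ng", "s", "l", "r"]
DIGITS = "0123456789"
SYMBOLS = "!#$%&*+-=?@"


def nonsense_word(syllables=2):
    """Build a pronounceable pseudo-word from CSPRNG-chosen syllables."""
    return "".join(
        secrets.choice(ONSETS) + secrets.choice(VOWELS) + secrets.choice(CODAS)
        for _ in range(syllables)
    )


def decorate(phrase):
    """Capitalise one interior letter, then insert one digit and one symbol."""
    chars = list(phrase)
    interior = [i for i in range(1, len(chars) - 1) if chars[i].isalpha()]
    i = secrets.choice(interior)
    chars[i] = chars[i].upper()
    for pool in (DIGITS, SYMBOLS):
        # Insertion index 1..len-1: never before the first or after the last char.
        pos = 1 + secrets.randbelow(len(chars) - 1)
        chars.insert(pos, secrets.choice(pool))
    return "".join(chars)


def generate(words=3, syllables=2):
    """Return a decorated phrase of space-separated nonsense words."""
    phrase = " ".join(nonsense_word(syllables) for _ in range(words))
    return decorate(phrase)


def base_entropy_bits(words=3, syllables=2):
    """Lower bound on entropy: syllable choices only, scheme known to attacker."""
    per_syllable = len(ONSETS) * len(VOWELS) * len(CODAS)
    return words * syllables * math.log2(per_syllable)


if __name__ == "__main__":
    print(generate(), f"(>= {base_entropy_bits():.1f} bits)")
```

Dropping a word, as suggested for unimportant accounts, removes about 18 bits from this estimate.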