Pretty much anything that can be remembered can be cracked. There’s still one scheme that works. Back in 2008, I described the “Schneier scheme”: So if you want your password to be hard to guess, you should choose something that this process will miss. My advice is to take a sentence and turn it into a password. Something like “This little piggy went to market” might become “tlpWENT2m”. That nine-character password won’t be in anyone’s dictionary. Of course, don’t use this one, because I’ve written about it. Choose your own sentence — something personal.
Schneier, B. (2014, March 3). Choosing Secure Passwords. Schneier on Security. https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
I’ve been using this method to generate secure passwords for a few years and it works well. And I use Bitwarden, an open source password manager that’s free for personal use, to manage passwords across devices and services.