Much has been written on the subject of making memorable yet secure passwords. Here’s another small contribution.
It has been said that passwords are generally more memorable when they are pronounceable. However, for obvious reasons dictionary words do not make good passwords, and so people have focussed on generating single fairly short nonsense words from lists of pronounceable syllables. However, it seems to me that length only loosely related to memorability, and that real words are probably easier to remember and type than nonsense ones.
It’s also said that good passwords have characters from at least 2 of the sets “A-Z”, “0-9” and “punctuation”. So why not generate passwords containing two words separated by a symbol? If you give them the form [adjective][punctuation/number][noun], such as beheaded!octopus or distressed$asphalt, then they are memorable because of their weirdness, and because you can have a single mental picture to remember – your asphalt with an unhappy face, or your decapitated octopus.
The Parts of Speech Database available from Kevin’s Word List Page has 50,000 adjectives and 100,000 nouns. If you then say there are about 40 numbers/punctuation marks, that makes a possible 200 billion passwords. Quite enough to be going on with, I think. Perhaps not all the adjectives and nouns are usable, because they might be too obscure to be memorable, but you could also use pairs of adverbs and verbs to expand the possibilities.
If anyone wanted to knock up a quick web page which generated passwords from that list, we could see how well it worked in practice…