Perfect Passwords: Selection, Protection, Authentication

Everyone seems to have some advice on how to make strong passwords. Some of this advice is good; some of it is bad. I have grouped this advice into three basic rules: the rule of complexity, the rule of uniqueness, and the rule of secrecy. Use these rules as guidance in developing strong passwords.
Complexity makes a password strong. It ensures unpredictability and resistance to brute-force attacks. Complexity is a component of password length and diversity of content.
To ensure password complexity and augment length, your password should contain at least three elements. These elements have no specific definition, but they might include characters, numbers, symbols, words, or phrases. Each element is an opportunity for randomness. These elements can be loosely related and can sometimes employ repetition if used wisely. Here are some examples:
Orchard/making-pies
flour&eggs&milk
2crazy@doghouse.com
Turn left,right,right
To protect against brute-force attacks, your password should allow for a keyspace of a thousand trillion passwords. Focus primarily on passwords that are 15 to 20 characters long with mostly lowercase letters to facilitate typing. However, also include the following elements whenever possible:
Use uppercase letters in positions beyond the first character
Use one or two numbers throughout the password, not just at the end and beginning
Avoid passwords made up of more than 50 percent numbers
Use punctuation and other symbols as delimiters or bracketing throughout the password
Use spaces if the particular system allows
Use high ASCII or Unicode...