The best password is memorable and contains spaces, numbers, uppercase and lowercase letters and, possibly, special characters. A phrase with the following characteristics is ideal:

See this XKCD comic to generate strong, phonetically memorable passwords.
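An added example (not from the original page or the comic): a passphrase generator that produces the character classes listed above and estimates the resulting entropy. The word list, symbol set and function names are assumptions for illustration, and the embedded list is a constructed sample that is far too small for real use.

```python
import math
import secrets

# Constructed sample list so the example runs offline. It is far too small
# for real use: substitute a large list (for example 7776 diceware words).
SAMPLE_WORDS = ("correct horse battery staple orbit velvet lantern mango "
                "pebble harbor tundra violin cactus ember falcon quartz").split()
SYMBOLS = "!@#$%&*?"  # assumed symbol set


def generate_passphrase(words=SAMPLE_WORDS, n_words=5):
    """Space-separated random words, one capitalised, one with a digit and
    a symbol appended. Every choice comes from the OS CSPRNG."""
    if n_words < 2 or len(set(words)) != len(words):
        raise ValueError("need n_words >= 2 and a duplicate-free word list")
    rng = secrets.SystemRandom()
    chosen = [rng.choice(words) for _ in range(n_words)]
    cap = rng.randrange(n_words)
    chosen[cap] = chosen[cap].capitalize()
    tail = rng.randrange(n_words)
    chosen[tail] += str(rng.randrange(10)) + rng.choice(SYMBOLS)
    return " ".join(chosen)


def entropy_bits(list_size, n_words):
    """Bits of entropy when the attacker knows the scheme and the word list:
    word choices, times both positions, times digit, times symbol."""
    outcomes = list_size ** n_words * n_words ** 2 * 10 * len(SYMBOLS)
    return math.log2(outcomes)


def has_required_classes(phrase):
    """Check for the character classes the page lists."""
    return all((" " in phrase,
                any(c.isdigit() for c in phrase),
                any(c.isupper() for c in phrase),
                any(c.islower() for c in phrase),
                any(c in SYMBOLS for c in phrase)))


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, has_required_classes(phrase))
    print(f"sample list (16 words): {entropy_bits(len(SAMPLE_WORDS), 5):.1f} bits")
    print(f"7776-word list:         {entropy_bits(7776, 5):.1f} bits")
```

The entropy figure assumes lowercase, alphabetic words and counts only the random choices, so it holds even if the scheme and word list are public.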

You should have one such password everywhere you have to type it by hand, without access to your password manager (for example: iOS Passcode, EFI firmware password). All other passwords should be generated and stored in a password manager, and you shouldn’t ever need to remember any of them since you can have the program type them for you.

Do not use the password manager to store your backups’ passphrase. That would create a catch-22 situation where your backup contains the keys to unlock the backup itself!

Refresh these memorable passphrases at least once a year.
