IMHO humans are not capable to create secure passwords. The time for passwords is over, hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and let it create long random passwords which nobody can remember.
If the passwords can be hacked, the same can happen to the hardware-based security features as well. In the next two or three years, I believe that someone will invent a bug which can steal coins from hardware wallets such as Trezor.
That said, the hardware wallets are not affordable to everyone right now. So the vast majority of the Bitcoin users will continue to use passwords.
Trezor is good, but expensive. The U2F is a cheap hardware token like this:
http://www.amazon.com/Plug-up-International-U2F-SK-01-FIDO-Security/dp/B00OGPO3ZS/ref=pd_sim_sbs_421_1?ie=UTF8&refRID=1E0VYC3YY6MQX1DRWT7M
Nobody said that hardware-based security is not hackable, but you can protect against some known attack vectors with it. The grade of security a hardware device offers you can be measured, the same cannot be said about human-created passwords.
