Originally Posted By: ireckon
By the way, I don't think it's possible to do a pure dictionary attack on "!correcthorsebatterystaple" (one random symbol in there).

With the cost of hardware getting cheaper all the time, I wouldn't be surprised if an individual COULD create a hash table in RAM that contains a password like "!correcthorsebatterystaple". I'm curious if cloud computing providers like Amazon look for activity like this by their own users? A hacker doesn't even need to buy their own hardware--just rent time on someone else's shiny, high power data center.

Of course, we're talking about the scenario where someone has unlimited ability to try and get a correct password, like stealing the password file or password hash table for some site and running an attack against that file. But if someone can access THAT file, that system is already in deep trouble.

It's not like someone can try a million passwords by trying to log into your bank account through the login webpage. I can only try to log into my work PC three times before it locks me out for 6 hours or until I call an admin and they deactivate the lockout. In that kind of environment, you don't need military grade passwords.

It's old school (practically ancient, in Internet time) but I'm still a big fan of the diceware method, which basically gives you "correcthorsebatterystaple" type passwords. I almost always have at least one number in it, so a simple low security password would have the format word + number + word. Depending on how strong I want the password to be, I will also use diceware to randomly insert/replace a letter with a special character as well as add more words.

A much better system than random gobbledygook passwords, as long as you remember that the strength comes from the length, not the apparent "randomness" of the letters and numbers.
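The diceware-style scheme described in this post (word + number + word, optionally with a letter swapped for a symbol), as an added example that is not part of the original post. The word list below is a tiny constructed stand-in for the real 7776-word diceware list, and the symbol set is an assumption; the entropy figures are computed for the full list size, which is where the "strength comes from length" claim can be checked against a random-character password.

```python
import math
import secrets

# Constructed stand-in for a diceware list; the real list has 6**5 = 7776 words.
WORDS = ["correct", "horse", "battery", "staple", "cloud", "dice", "anchor", "lamp"]
SYMBOLS = "!@#$%^&*"          # assumed symbol set for the replace-a-letter step
DICEWARE_LIST_SIZE = 6 ** 5   # five dice rolls select one word


def roll_words(n, words=WORDS):
    """Pick n words uniformly with a CSPRNG (secrets), as rolling dice would."""
    return [secrets.choice(words) for _ in range(n)]


def word_number_word(words=WORDS):
    """The post's low-security format: word + single random digit + word."""
    w = roll_words(2, words)
    return f"{w[0]}{secrets.randbelow(10)}{w[1]}"


def add_symbol(passphrase, symbols=SYMBOLS):
    """Replace one randomly chosen character with a random symbol."""
    i = secrets.randbelow(len(passphrase))
    return passphrase[:i] + secrets.choice(symbols) + passphrase[i + 1:]


def passphrase_bits(num_words, digits=0, symbol_swaps=0,
                    list_size=DICEWARE_LIST_SIZE, symbols=SYMBOLS):
    """Entropy of a diceware passphrase in bits.

    Each word contributes log2(list_size), each digit log2(10). A symbol swap
    is counted conservatively as log2(len(symbols)) only, ignoring the extra
    entropy from which position was replaced.
    """
    bits = num_words * math.log2(list_size) + digits * math.log2(10)
    bits += symbol_swaps * math.log2(len(symbols))
    return bits


def random_chars_bits(length, alphabet_size=62):
    """Entropy of a uniformly random 'gobbledygook' password ([A-Za-z0-9])."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(word_number_word(), add_symbol(word_number_word()))
    print(f"word+digit+word: {passphrase_bits(2, digits=1):.1f} bits")
    print(f"4 words:         {passphrase_bits(4):.1f} bits")
    print(f"8 random chars:  {random_chars_bits(8):.1f} bits")
```

Four diceware words (about 51.7 bits) already beat an eight-character random alphanumeric password (about 47.6 bits) while remaining memorable; the two-word format is a low-security convenience, as the post says.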