Good point about 2FA, I just re-enabled that now — I had disabled it a few months ago, as there was some issue and it could only send me SMS, which I found was “too noisy” at the time. Well, the consequences of potentially losing my account are far worse than some minor annoyance, and the danger just got real today.
Instead of LastPass, I use Google Chrome-generated passwords to log into most services (apart from 3–4 main accounts).
Regarding passphrases — I do use those for my private keys (being a web developer). They’re fairly long and more secure than most passwords, and I do understand the benefits. Some websites however still insist you need a special character or capital letter in the password, so I settled for the pattern I’m currently using.
You could however modify your password pattern to be a passphrase and still comply with the unnecessarily complicated security requirements of some websites — perhaps I’ll do that now!
The idea of passphrases (and the xkcd comic you mentioned) is to build a story around your password, which is what I suggested as well. Instead of 4 semi-random words, however, my pattern is very specific, personal, and therefore memorable.
Thanks for the comment, cheers!