
I'm not sure it's worth all the trouble to go out of the way and adopt a complicated password generation scheme. As long as your password isn't qwerty, an attacker brute-forcing it seems very unlikely for any competently implemented web app: most block you after n incorrect tries, and sending HTTPS POST requests seems really slow. Dictionary attacks on the password hash are another problem, but salting the password should handle this problem.

I agree reusing passwords for multiple services is risky, but shouldn't having different tiers of passwords handle this? Use a really weak password for stuff you don't care about or sites you don't trust and then use a stronger password for your bank, email, etc.


