The problem with passphrases is generally they are usually succeptible to dictionary attacks. The problem with 14 character passwords is no one can remember them, and everything has different standards so you can’t meet them all with one password. One suggestion is to have a good base password - like f0Rk$ - then add 5 letters of the place requiring the password, if it is amazon.com add amazo - password is now f0Rk$amazo.
If you always use the same firefox instance, there is an extension that generates a random password within the limits of the website, and remembers it. That way you get an extremly complex password you don’t have to remember. Set a good master password, and even local access won’t give you all the passwords free. The only problem is sites that firefox won’t store passwords for (like wellsfargo.com) or sites that use alternate passwords (like hsbc.com point click passwords).
Since you don’t even know your password, to protect against loss, either
- store a backup of these passwords in a truecrypt volume somewhere else (use another ff extention - password exporter) OR
- don’t worry about it - if you lose your PW just do the PW reset to have it sent to your email.
Which brings up another point, make certain you set a unique password for your email. Don’t store it locally, and make sure your provider locks out attempts after a few failed password attempts. If someone gets into your email, you are sunk.