An interesting perspective on 20,000 Passwords. As noted in the comments, the data collection skews the results a bit, since most people who fall for phishing scams aren’t knowledgeable enough to know a good password form a bad password.
But it’s possible to generate a safe password with ease even if your not a technically inclined ;-).