Always used different passwords for different logins that can keep a brute force dictionary attack busy for a very long time (even on fast machines) and then try to change it whenever I feel it is necessary. Never used a "password manager" as I can just store it all in my memory or use a text file on removable drive renamed to something else and no extension.
Password expiry is also good method, although it is very annoying.
Basically even the most secure password can be cracked, the only difficulty can be the time it takes to do it.
On many sites I use the password 123456, but all of those sites are sites where you need to register to view the site or where it won't matter to me if someone access the account. For other sites more complex passwords are used.
i dont get it at first why would anyone use a simple password like 1234 or 1111, most of the time im advise to change my password. im not surprise these hackers they dont have to work that hard, pleople are basical allowing them free pass.