Someone just asked me about password systems that work without password managers (for those who simply don't trust them). My advice is based on this XKCD comic, but modified because now most password systems require a capital letter, a number, and a special character in addition to at least 12 characters overall. Here's how I do it.
You still want the phrase with the common words. At least one of those letters has to be a capital, and I tend to capitalize the first letter of the word; maybe that can be easily figured out by a computer, but I think the higher number of entropy points takes care of that. So, with the words from the comic, you'd have:
CorrectHorseBatteryStaple
Then you decide which one of those letters is a number. Every time you use the phrase it should be the same one so it's easy for you to remember. Example, you could say: the first o is always a zero/0. Or, with this particular phrase you could even say that all the o's are zeros since there are only two. Now we have:
C0rrectH0rseBatteryStaple
I always put the special character needed at the end of the phrase.
C0rrectH0rseBatteryStaple?
You want all passwords to be unique, which is hard, but this system still works for that because now you add one final thing to the end: the name of the thing being logged into. Examples:
C0rrectH0rseBatteryStaple?Amazon
C0rrectH0rseBatteryStaple?Gmail
C0rrectH0rseBatteryStaple?Spotify
Using a 4 word passphrase can get long! And if you're adding the name of the service to the end, that still creates many points of entropy, meaning your core passphrase can be shorter. So:
C0rrectBatteryStaple?Amazon
C0rrectBatteryStaple?Gmail
C0rrectBatteryStaple?Spotify
Remember to decide if service names will have a capital letter in front or not. I like doing that as it adds another capital. But choosing all lowercase is fine, too.
For systems that force you to change passwords and to create a new one each time you change, I suggest changing the special character. And keep a list of the special characters and the order you use them in. Like so:
and on and on. Having that saved somewhere won't tip off password stealing jerks cuz it's just a list of punctuation.
Another thing I like about this system is that it means you can keep a digital or paper list of passwords and still not worry if it falls into the wrong hands because you don't put the full password on there, you put:
Because you can likely remember the passphrase easily, whereas you might have trouble with the less easy to remember service names (like ones you log into maybe once a year or something).