We're back to what's possible (but very highly unlikely) versus probable.
If people compose a portmanteau password, in their native language, out of 5 or 6 elements from their own life, many of which it is well-nigh impossible for a random hacker to know, they'll have an awfully secure pass phrase.
Anyone who succeeds in figuring out what one of my childhood nicknames was or the name of my very first pet (which died before 1970 and did have a wildly unusual name) deserves to have a better chance at cracking my password.
If you start including things like the house number of your grandparents' home address, your favorite aunt's and uncle's names, concatenated and capitalized, and the like, you really are creating something that, when mixed with other "weird" and idiosyncratic elements, creates a strong password.
People do two or three things that virtually doom them to having passwords that are easy to crack. Using things like abc123 or "hello" with a digit before or after is just simply guessable. Writing down passwords on "carry with" scraps of paper for important things like online banking. Or choosing things from their own past when making complex pass phrases that are simple to look up online.
Since I come from a family where both Mom & Dad had 7 siblings, and all of those siblings had families with at least 2 children, picking the names of two or three cousins (particularly full married names for the women) along with a mix of other random "mental lint from my life" creates a pass phrase that, if sufficiently long, would be awfully hard to crack. Something like Winterthur129*BleepingComputerAlexis@$ would be darned difficult to "dictionary pick" and very simple to remember if everything but the "site name" portion in this example is something meaningful to the person using those elements to create a consistent portmanteau where the only thing that changed was the "site name" portion (which need not be "site name" but something the individual can easily associate with the thing for which they're creating the password). People want something that's easy for them to remember and that is not random to them but would be to virtually anyone else on the planet.
There is a balance to be struck, and if what security experts keep insisting people do is something that, for very good reason (impracticality), people will not do, then they are contributing to the continuance of the very problems they decry. If you want people to do something routinely, and change their behavior, then you've got to pick something doable. This has been demonstrated so repeatedly that I do not understand why it is not routinely taken into consideration, but it routinely isn't.
Even my favorite password generation method is "too much" for many people, so the idea that most will use something like Dicewords is something beyond "pie in the sky." I wouldn't bet a single cent on acceptance of that, or of people in general using only passwords generated by password managers that they cannot possibly recall if they needed to, when access is needed but whatever device(s) their password manager can be accessed from just isn't available.
Brian AKA Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134