New email address, hopefully temporary
Message
From: 16/01/2014 08:13:41
To: 16/01/2014 06:49:50
General information
Forum: News
Category: Social / Miscellaneous
Thread ID: 01591774
Message ID: 01591991
Views: 52
>>>(Eureka, there's my new password -- worldcup. LOL).
>>
>>https://xkcd.com/936/ (obligatory)
>
>The option of dictionary attacks will decrease the time needed a lot, so having more hard-to-remember elements IS crucial.

Actually that is not really true. Dictionary attacks are only useful to crack passwords which have words found in the dictionary being used. Combining a number of simple words into a long password provides excellent protection, e.g. "thetitleofmyfavouritebook" is not in any dictionary and is going to be immensely difficult to crack because of the number of permutations involved. All I need to do is throw in a special character and/or some mixed case and/or a foreign word, e.g. "Ganss", and the difficulty becomes truly huge. Try this website and my example (including the dictionary attack option):

http://password-checker.online-domain-tools.com

https://howsecureismypassword.net - says it will take until the end of the universe to crack the above password using 4 billion calculations/sec :)

Furthermore, password cracking using dictionary attacks (or rainbow tables and similar options) usually implies that the attacker is in possession of the password file (or even the device, laptop, etc.). In that scenario you are probably doomed if the attacker has the skills and motivation to break into it, usually by bypassing the password system altogether. For most online accounts (e.g. web mail accounts) the automated account lockout and/or slowdown is going to stop all dictionary type attacks anyway (at least if the website has any credibility at all). 3 attempts and the account is locked for 1 minute is enough to prevent all such attacks.

People who get their online accounts hacked are usually victims of keyboard loggers and other malware already running on their equipment - not hackers randomly trying endless passwords - or of line sniffers intercepting unencrypted credentials.

Even though the sample password above uses only lowercase letters, the attacker does not know that and will still need to test upper/lower/numeric/etc. Really, just use your favorite book name, toss in a prefix or suffix related to the website and you are done, e.g. "gmail_myfavouritebook", "amazon_myfavouritebook", etc. Easy to remember and difficult to break.

In the end, we will remember not the words of our enemies, but the silence of our friends - Martin Luther King, Jr.
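An added example, not part of the post and not taken from either checker site it links: a Python estimate of the post's example passphrase under the two attacker models the thread is arguing about, character-by-character brute force versus guessing whole dictionary words, at the 4 billion guesses/sec offline rate and the 3-attempts-per-minute online lockout rate quoted above. The 10,000-word list size and the 33-symbol punctuation set are assumptions made for the example.

```python
import math

# Assumed attacker parameters, taken from the figures quoted in the post.
OFFLINE_GUESSES_PER_SEC = 4e9   # "4 billion calculations/sec"
LOCKOUT_ATTEMPTS = 3            # "3 attempts and the account is locked ..."
LOCKOUT_SECONDS = 60            # "... for 1 minute"
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def brute_force_bits(password: str) -> float:
    """Bits of work if the attacker brute-forces every character, drawing from
    the character classes actually present (as the post notes, the attacker
    does not know in advance that a password is all lowercase)."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(not c.isalnum() for c in password):
        alphabet += 33  # printable ASCII punctuation; assumed size
    return len(password) * math.log2(alphabet)

def word_combination_bits(n_words: int, dictionary_size: int) -> float:
    """Bits of work if the attacker instead guesses n_words whole words drawn
    from a list of dictionary_size entries (the model behind xkcd 936)."""
    return n_words * math.log2(dictionary_size)

def online_guess_rate(attempts: int, lockout_seconds: float) -> float:
    """Guesses per second an online attacker gets under a lockout policy."""
    return attempts / lockout_seconds

def years_to_crack(bits: float, guesses_per_sec: float) -> float:
    """Expected years to hit the password: half the search space on average."""
    return (2.0 ** bits / 2.0) / guesses_per_sec / SECONDS_PER_YEAR

def compare(password: str, n_words: int, dictionary_size: int) -> dict:
    """Strength of one password under both attacker models and both guess rates."""
    bf = brute_force_bits(password)
    wc = word_combination_bits(n_words, dictionary_size)
    online = online_guess_rate(LOCKOUT_ATTEMPTS, LOCKOUT_SECONDS)
    return {
        "brute_force_bits": round(bf, 1),
        "word_model_bits": round(wc, 1),
        "offline_years_brute_force": years_to_crack(bf, OFFLINE_GUESSES_PER_SEC),
        "offline_years_word_model": years_to_crack(wc, OFFLINE_GUESSES_PER_SEC),
        "online_years_word_model": years_to_crack(wc, online),
    }

if __name__ == "__main__":
    # Constructed input: the post's example, treated as 6 words from a 10,000-word list.
    for key, value in compare("thetitleofmyfavouritebook", 6, 10_000).items():
        print(f"{key:>26}: {value:,.1f}")
```

The word-model figure is the one a defender should plan around, since it is the smaller of the two; the gap between the offline and online rows is what the lockout policy buys you.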