IMHO humans are not capable of creating secure passwords. The time for passwords is over; hardware-based security features like U2F will take over soon. In the meantime I recommend using a password manager and letting it create long random passwords which nobody can remember.
If passwords can be hacked, the same can happen to hardware-based security features as well. In the next two or three years, I believe that someone will invent a bug which can steal coins from hardware wallets such as Trezor.
That said, hardware wallets are not affordable for everyone right now. So the vast majority of Bitcoin users will continue to use passwords.