Nowadays, most people use password managers (hopefully). However, there are still some passwords that you need to memorize, like master password (for a password manager), phone lock, wifi password, etc.
Security wise, can passphrase reach the strength of a good password without getting so long that it defeats the purpose of even using it?
For my personal life I use a password manager, like most people in this thread. For my master password I really want a secure password (LastPass really reinforced the value of that), so I use a passphrase that is then hashed using an algorithm I can do in my head, so it’s a long string of high entropy alphanumeric gibberish that I can remember easily.
At work my IT dept seems to be stuck 10 years in the past, so they have now implemented a policy that our passwords must be at least 16 characters. They keep ignoring my suggestions to get some form of corporate password manager, so I have my work passwords stored in a text file that I’m not allowed to have any form of file encryption so it just sits there in my documents folder. It’s probably not going to be the source of our company getting penetrated, but I don’t consider it secure.
I do like pass phrases because I find them easy to remember, but my current prime work one is really easy to make typos, so I now use the reveal password button more than I ever have before.
At work, if you have the option, consider using KeePassXC or similar software. That will give you a properly encrypted file with secrets and also password-manager features.