I had my doubts about Schneier's (in)competence level before, but his recent piece Choosing a Secure Password removed them completely. Read on why.