The BS starts right in the first paragraph:

The best way to explain how to choose a good password is to explain how they're broken.

Of course. So that we "fix" this by making passwords broken in some other way instead.

Modern password crackers combine different words from their dictionaries ...etc...

If one considers that text more closely, one might notice the cracked example is not just combined words from dictionary. It's meaningful English phrase. The xkcd explanation then goes completely ignored, maybe even subverted. If you use English phrase, the attacker can just use Bible, (or even all English text available on the internet) and try all phrases from there. This attack is completely feasible because Bible has only millions different phrases in it. Even if you add 1000 other books into source material to look for phrases, that's still only 10^9 phrases. That is still a number today's computers can crunch through easily.

But if you choose the words at random, as xkcd suggests, it's 2^44 = about 10^30 10^13 (Corrected - thanks to Fred) different word combinations. To compare to phrase from a book above, it's 10^13/10^9 = 10000 times more difficult for computer to guess(crack) the password! In other words, you are 99.999% likely to get unique word combination no one has ever seen. If you add just two words to xkcd example, the odds go completely astronomical, to 2^66 ~ 10^19 to one. It's about the same likelihood as that you would get spontaneously quantum teleported by tunnelling through solid wall, that's why such things just don't happen.

So this is the thing Schneier completely misses. Passwords should never be generated by humans, because humans are too prone to end up with stuff that already exists somewhere. Even if you use complete sentences like he suggests, they may be vulnerable because you can easily end up with same sentence that already exists somewhere on the internet, thus attacker will someday inevitably use it and also replay the simple transformation you did on it.

As you can see, the math on how to choose passwords isn't hard at all. And you don't even need an app to do it right, just dice and dictionary.