I actually have a system that consists of a mix of the natophonetic alphabet and other obscure words, based on the site that I'm visiting. So long as I remember the system, I will always know what my password for a website is. If the website has a number, capitcal letter, or symbol requirement, I simply put !1[cap] at the beginning. The benefit of this is that I can make a password that is effectively four or five characters long in terms of remembering it, but the password itself will easily be twenty to thirty characters in length. While there is a small systemic risk that someone could find out about my system, they would have to: A. Know to look for it, B. Make a full list of words that I use, and C. Get enough of my passwords to be able to decipher the system. However, I've made a practice of completely rewriting my system every six or so months, so I find this possibility highly unlikely.
I just checked, and it would apparently take 2 trillion years to brute force most of my passwords. Come at me Bros.