I discussed the details of how you can do it here: http://it.slashdot.org/comment...
It's really the only solution. There are 2 modern threats to passwords: computationally weak passwords and compromised servers with poor practices.
It's easy to make a computationally strong password, and it's not hard to make it memorable. But poor HR/IT policies such as described here compromise good passwords (forcing rapid changes, disallowing long passwords, etc). So memorable passwords are not easy, in practice.
On the other hand, there is absolutely nothing you can do to fix the possibility of server-side password leakage, aside from avoiding inter-site re-use.
The parameters which solve these two issues are really obvious: never provide any server which is not 1.) unique, and 2.) effectively random.
Once you're that far, it's also obvious how to get from something memorable to something unique and random: you take something simple, salt it, and encrypt/hash it. There is one additional step of complexity: use a non-secure transform to convert your random hash into an IT-approved password. If they want a character and an uppercase, go ahead and add/replace to get those characters. It doesn't matter if those characters are secure, since the rest of your password is: put 123!@# on the end of every password if you want.
The only problem left is that we can't compute hashes in our head, but there are hardware answers to that. The only place this falls short is when you are not permitted by policy to bring a device with you, and there is no trusted hardware on-site (desktop) capable of computing a hash.
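A worked version of the scheme the comment describes, added here as an example and not the poster's own code: a memorable master secret is salted with the site name, run through PBKDF2-HMAC-SHA256, base-62 encoded, and then given a fixed, non-secret suffix so the result passes typical complexity rules. The function names, the suffix, the iteration count and the policy checker are my own assumptions.

```python
import hashlib
import string

# Per-site password derivation in the spirit of the post (added example, not the poster's code).
# Master secret = the "something simple", site name = the salt, PBKDF2 = the hash,
# fixed suffix = the non-secure transform that satisfies IT-mandated character rules.

CORE_ALPHABET = string.ascii_letters + string.digits  # 62 symbols; 16 of them ~ 95 bits


def derive_site_password(master: str, site: str, core_len: int = 16,
                         suffix: str = "1Aa!", iterations: int = 600_000) -> str:
    """Return a password that is unique to `site` and effectively random given `master`."""
    if not master or not site:
        raise ValueError("master secret and site name are both required")
    # Normalise the salt so "Example.com " and "example.com" yield the same password.
    salt = site.strip().lower().encode("utf-8")
    # Slow hash: a password leaked by one site costs an attacker a brute force of the
    # master secret at `iterations` rounds per guess, and reveals nothing about other sites.
    digest = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, iterations)
    # Base-62 encode the 256-bit digest and keep the first `core_len` symbols
    # (taking the low digits of a uniform 256-bit integer avoids the bias of byte % 62).
    n = int.from_bytes(digest, "big")
    core = []
    while len(core) < core_len:
        n, idx = divmod(n, len(CORE_ALPHABET))
        core.append(CORE_ALPHABET[idx])
    # The non-secret transform: a suffix guaranteeing one character of each required class.
    return "".join(core) + suffix


def meets_policy(pw: str, max_len: int = 20) -> bool:
    """Typical corporate rules: a length cap plus at least one of each character class."""
    classes = (string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation)
    return len(pw) <= max_len and all(any(c in cls for c in pw) for cls in classes)


if __name__ == "__main__":
    pw = derive_site_password("correct horse battery staple", "example.com")
    print(pw, meets_policy(pw))
```

The suffix contributes no secrecy, exactly as the comment argues; the strength lives entirely in the 16-symbol core, and the site-specific salt is what stops one site's leak from being replayed elsewhere.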