Saying that using random words is better than using a string of unrelated characters assumes that password crackers don't know how to combine words.
There are about 180000 words in English (but don't assume everybody knows 180000 words). That means that for three words, you have at most 5.810^15 options.
For a password with mixed case and numbers, you have 62 different characters. With, 9 characters, you have 1.310^16 options.
I can understand that people would prefer common words to remember them, but they are not that much stronger.
The best password is the password I don't need to remember: generate long random passwords, and store them in your browser, in Keepass, LastPass or whatever system of your choice.
How about mixing languages in the words chosen. English, French, Italian, Spanish, German, etc. Are they using multi-language dictionaries? Also, are they looking for typos? Voluntarily misspelling words would not make it harder to remember yet it might be harder to figure out.
It depends on how many words you have in a string.
XKCD's oft-quoted comic uses 4 words. That would be 100000 times stronger than using just 3 words, and vastly superior to your example of a random 9-char password. The article's own example, "golf kangaroo crispy halitosis", also uses 4 words.
I agree with you that long random passwords are the way to go, but even in that case you need to remember at least one password: the master password to your password manager. It would be a good idea to make that a string of 4 or more words. My LastPass master password consists of 5 words with a bunch of symbols sprinkled in between, and my banking password is 4 words in a foreign language.
The problem is, if you actually choose your 4 words randomly out of the full dictionary, you won't get something like "golf kangaroo crispy halitosis" or "correct horse battery staple". It will sound closer to "capaciously endodermal remast amarantite". The set of words as familiar as "golf", "kangaroo", etc. is much smaller than 100k.
It doesn't have to be as memorable as kangaroo, it has to be more memorable than the equivalent (in entropy) number of random characters, which I think is basically any word.
There are about 180000 words in English (but don't assume everybody knows 180000 words). That means that for three words, you have at most 5.810^15 options.
For a password with mixed case and numbers, you have 62 different characters. With, 9 characters, you have 1.310^16 options.
I can understand that people would prefer common words to remember them, but they are not that much stronger.
The best password is the password I don't need to remember: generate long random passwords, and store them in your browser, in Keepass, LastPass or whatever system of your choice.