One of my colleagues offers the following trick for creating complex passwords that meet complexity requirements while still being possible to remember.
I change my complex passwords every 4 weeks.
Considering the long-term reliability of this method and ability to store large numbers of complex passwords, I would highly recommend against it.
Next, enable the guest account, make sure the permissions are locked down, give it an equally long, complex password, and rename it to Administrator.
Password cracking software to perform this kind of brute force attack has long been available, but its success at cracking complex passwords is low.
Users are often advised to use mnemonic devices to remember complex passwords.
Identification can occur through physical or other means (physical keys, numerical codes, complex passwords, biometric identification).
All of my accounts have complex passwords I've created using LastPass or some other complex password generation tool.
You trust LastPass, but you don't have to remember all those complex passwords.
They can't remember a complex password which will not be in a dictionary.