Apparently the eBay and Paypal sites only accept passwords up to 20 characters in length, so 64 is out for them.
I use a password manager with local passcard files, so no online server store for them and it allows creation of 'randomly' generated number/letter/symbol combinations. I would say that two factor authentication is the only way to be sure that even if a password is known the account won't get hacked, as long as the second factor is reliable (a phone number or mobile number that can't be somehow intercepted in any way).
Kinda missed the point.
It doesn't matter how long or strong your password is, if the server gets hacked everything should be considered compromised.
I'm not sure how a password manager works, but I'd assume at the end of it, your password and details still need to be stored on a server somewhere.
After all, how can the server know you have the right password if it doesn't have it to begin with?
OSX / iCloud has a password manager that stores all my passwords and shares them across devices, but I can still log on to anything from any device.
One good but not too difficult-to-use solution for more secure passwords is to use a browser plugin like "Password Hasher". When you have to input a password, it asks for a "master" password, which is then used to generate (through a one-way hashing algorithm) a different password for each website (based on the website name).
You only need to remember the master password, and the plugin does the rest. If one of the websites is compromised, and your password for this site is leaked, nobody can use it to log in on another website. And you can generate a second, different, password for the same site with the same master password (using the "Bump" button).
Try "Password Hasher" for Firefox, "Password Hasher Plus" for Chrome and "Hash It!" for Android (they're all compatible as in they generate the same unique passwords for the same input).