Can people really store a random 56-bit code in memory? This Microsoft Research study suggests they can, given enough time to practice.
Notably, the study found that the “Diceware/xkcd” approach of using words instead of characters did not overwhelmingly increase recall. While people wrote down their passwords less often and recalled them more easily when they were presented as words instead of single characters, the difference was not as big as you might think.
The paper also contains the following classic quote.
“In the remainder of the discussion, we refer to those who feign inability to recall their secrets as politicians.”