There is not much to discuss; it is mathematically proven that truly randomly generated passwords are much stronger than real words and sentences. We don't need to mix a strong system with a weaker system, either, that only reduces security.
My mate, I honestly suggest you go and change all of your passwords, now..
Having strong passwords is good, but 2FA is better because no password is strong enough not to be cracked with a quality config and combolist. A lot of accounts could get cracked using good checkers, so when that happens even if they've got the username and password they can't access the account if they don't pass through the 2FA settings. For a forum like this having the question and answer feature set up is also recommended, to enable easy account recovery. Hence, since the forum is not a target to crackers, its nothing to worry about, since the forum account sales market is falling on daily basis. Though, your thread is very excellent, as we are meant to be security conscious online and keeping things private is important.
I also have a question, what happens to a person that doesn't have a picture anywhere online? if their privacy is leaked that is they don't use VPN, Tor or all the tools you just mentioned, as the forum encourage users not to attach their real faces on the site.