Reposting from other passwords thread as I feel it's relevant here also:
Why do people insist on having short (<12 chars) overly complicated passwords? The passphrase: "totallysecretpasswordthatyoullneverguess" (or other similarly-long phrase) serves as a much more secure pass-phrase than the hodgepodge of non-alphanumeric characters people suggest that good passwords are and is far easier to remember.
The only impediment to decent passphrases are services that limit how many characters your password can be.
I don't understand sites that have serious length limitations on passwords. I recall Amex had an 8 character limit last year when I had an account with them.
Passphrases + randomly generated passwords via KeePass or Password Safe is the way I go.
Why do people insist on having short (<12 chars) overly complicated passwords? The passphrase: "totallysecretpasswordthatyoullneverguess" (or other similarly-long phrase) serves as a much more secure pass-phrase than the hodgepodge of non-alphanumeric characters people suggest that good passwords are and is far easier to remember. The only impediment to decent passphrases are services that limit how many characters your password can be.