I'm way late to the game on this one, but Robert Hensing has a great article explaining why a pass phrase ("Sally sells seashells by the seashore") is way better than a password ("aXUq2eR").

His argument is that with a password of 10 characters or less, it can be hacked using tools that are readily available to hackers. If your password is 14 characters or more, it get's much harder. And by using a familiar phrase, it's still easy to remember!

I guess it's time to change my password...err,  my pass phrase!