Password or Passphrase
Length matters, complexity less so.
12 characters or more is what we want to see, regardless of complexity.
Key thought: Do not use a password, use a PASSPHRASE. If we call them as such, we will all get the idea of having a phrase to remember rather than a complex but short group of characters.
Uppercase, lowercase, numbers and special characters provide complexity within a passphrase.
Computers ‘guessing’ passwords must assume that you use all characters, case, numbers and punctuation, even if your specific password is only lower case. The key is that it is long.
There are 1,000,000+ words in the English Language. Using Plain english words in passwords is not an issue.
Using sufficient password length is important.
with thanks to http://xkcd.com/936/
But DO NOT USE correcthorsebatterystaple as it is now a common password !
For a more scientific explanation https://pthree.org/2011/03/07/strong-passwords-need-entropy/
and for some alternative calculations try http://www.reddit.com/r/techsnap/comments/18ezb6/correct_horse_battery_staple_really_a_strong/