Online passwords of 10 or more characters are realistically safe from a brute-force attack. Use letters, numbers and symbols, and not names, words or patterns.
Source: How I became a password cracker @ Ars Technica
Tools
Read more
- Strong Password Guidelines @ Strong Password Generator
Excerpt: A strong password has at least 15 characters; has uppercase letters; has lowercase letters; has numbers; has symbols, such as ` ! ” ? $ ? % ^ & * ( ) _ – + = { [ } ] : ; @ ‘ ~ # | \ < , > . ? /; is not like your previous passwords; is not your name; is not your login; is not your friend’s name; is not your family member’s name; is not a dictionary word; is not a common name; is not a keyboard pattern, such as qwerty, asdfghjkl, or 12345678.
image by HebiFot under CC0 license