Under Construction

Consider how good a password you need to secure each thing. For low-risk areas, such as an online news website, you can use an easy-to-remember password; you might even reuse it for other low-risk things. For very sensitive items, such as your system administrator password or an online bank account, use a unique, hard-to-guess password for each one, and do not reuse it elsewhere. This way, if one password is compromised (that is, someone figures it out), your other accounts are not affected.

Good Passwords:
Use a long sequence of random characters. Include a mix of upper- and lowercase letters, numbers, and punctuation marks.

Some guides suggest using characters typed while holding down the Option key (if the site or item supports it).
This can be a problem if you use more than one operating system, e.g. Mac OS X and Windows: the Option key is Mac-specific, and the same character may be awkward or impossible to type on the other system.

Passwords should be at least 8 characters.
The number of random combinations using upper- and lowercase letters only (52 characters, 52^n for length n):

Length  Combinations                    Time *
6       19.8 Billion (about 10^10)      33 min
7       1.0 Trillion (about 10^12)      28 hrs
8       53 Trillion (about 10^13)       62 days
9       2.8 Quadrillion (about 10^15)   9 yrs
*Time to try every combination using a Fast PC, Dual Processor (10 Million passwords/sec - Class D).
 On average the password is found about halfway through, and faster hardware than this 2009
 benchmark shortens the times in proportion. Adding digits and punctuation enlarges the alphabet
 and so the number of combinations.
Note: If your password is not random, i.e. uses common words or phrases,
      it will be cracked much faster.
      See the password cracking methods below.
      
A good general rule:
  Use 8, 9 or more characters.
  With one character from at least 3 of these groups:

   1. Uppercase letters (A-Z)
   2. Lowercase letters (a-z)
   3. Numbers (0-9)
   4. Punctuation characters (such as !, $, %, #)

Some Methods:
A. Use words or phrases with numbers and special characters substituted for letters. e.g.
1) $, S or 5 for s
2) 1, I or ! for i
3) @ or A for a
4) 7 or T for t
5) 3 or E for e
6) 9, G or 6 for g
7) 0 or O for o
8) 8 or B for b
Note: Password-cracking tools already apply these substitutions as rules,
so by itself this method is not as good as the following ones.
B. Intermingle (interleave) the letters of two words: e.g. 49ers + Don -> 4D9oenrs

C. Use the first letter of each word in a phrase, then apply method A above:
To be or not to be that is the question -> Tbontbtitq -> 7b0n7B7!7?
D. Other phrase tricks:
Oh me oh my! -> 0Me0meye!
got lost! -> gOt%L0st!
help for me (money) -> heLP4me$
Raindrops keep falling on my head -> rsKf0myH

What not to use:
common words or names,
a word spelled backwards,
a word with only its last letter capitalized.
Cracking tools try these simple variations automatically, so they add almost no strength.

Most common:
In Schneier on Security: Real-World Passwords (2006), Bruce Schneier describes his analysis of 34,000 MySpace passwords captured by a phishing attack.
The top 20 passwords are (in order): password1 (0.22%), abc123, myspace1, password, blink182, qwerty1, ****you, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1 and monkey (0.02%).

In a 1992 study (.pdf), Gene Spafford reported cracking about 20 percent of the passwords he examined.

Password Cracking
The principle behind password cracking is quite simple: take a large word list, hash each word the same way the system stores passwords (older texts say "encrypt", after Unix crypt), and check whether the result matches the stored hash of the user's password. The attacker never needs to reverse the hash; a match on the hashed guess is enough. Word lists that are used frequently include English and other language dictionaries, common names, pet names, television and movie characters, character patterns on keyboards (for example, qwerty) and jargon or slang terms, each expanded by rules such as capitalization, the letter substitutions of method A above, and appended digits.

Links:
AusCERT - Choosing good passwords
Password Checker at Microsoft
Strong passwords: How to create and use them at Microsoft
Diceware Passphrase Home
Creating Good Passwords - Antionline Forums - Maximum Security for a Connected World
Choosing good passwords in Mac OS X



last updated 1 Mar 2009